Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2017-10686 | First vendor Publication | 2017-06-29 |
| Vendor | Cve | Last vendor Modification | 2019-03-28 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 7.8 | ||
| Base Score | 7.8 | Environmental Score | 7.8 |
| impact SubScore | 5.9 | Temporal Score | 7.8 |
| Exploitabality Sub Score | 1.8 | ||
| Attack Vector | Local | Attack Complexity | Low |
| Privileges Required | None | User Interaction | Required |
| Scope | Unchanged | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10686 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-416 | Use After Free |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Os | 1 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2017-08-21 | Name : The remote Fedora host is missing a security update. File : fedora_2017-a1fe6d2b86.nasl - Type : ACT_GATHER_INFO |
| 2017-08-18 | Name : The remote Fedora host is missing a security update. File : fedora_2017-6186f95179.nasl - Type : ACT_GATHER_INFO |
| 2017-08-10 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2017-901.nasl - Type : ACT_GATHER_INFO |
| 2017-07-31 | Name : The remote Debian host is missing a security update. File : debian_DLA-1041.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
| Source | Url |
|---|---|
| GENTOO | https://security.gentoo.org/glsa/201903-19 |
| MISC | https://bugzilla.nasm.us/show_bug.cgi?id=3392414 |
| UBUNTU | https://usn.ubuntu.com/3694-1/ |
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:55:44 |
|
| 2021-04-22 02:08:13 |
|
| 2020-05-23 00:54:46 |
|
| 2019-03-28 12:03:54 |
|
| 2019-03-26 21:19:23 |
|
| 2018-06-30 09:19:17 |
|
| 2017-08-22 13:24:46 |
|
| 2017-08-19 13:24:47 |
|
| 2017-08-11 13:25:02 |
|
| 2017-08-02 13:24:44 |
|
| 2017-07-17 21:22:59 |
|
| 2017-06-30 05:21:45 |
|
