vulnerability
Amazon Linux 2023: CVE-2022-44370: Important priority package update for nasm
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:L/AC:M/Au:N/C:N/I:C/A:C) | Oct 2, 2022 | Feb 17, 2025 | Jul 4, 2025 |
Severity
6
CVSS
(AV:L/AC:M/Au:N/C:N/I:C/A:C)
Published
Oct 2, 2022
Added
Feb 17, 2025
Modified
Jul 4, 2025
Description
NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856
A heap-based buffer overflow flaw was found in nasm's quote_for_pmake() function in asm/nasm.c file. This flaw allows a local attacker to pass a specially crafted malicious input file, causing an application to halt or crash, leading to a denial of service.
A heap-based buffer overflow flaw was found in nasm's quote_for_pmake() function in asm/nasm.c file. This flaw allows a local attacker to pass a specially crafted malicious input file, causing an application to halt or crash, leading to a denial of service.
Solutions
amazon-linux-2023-upgrade-nasmamazon-linux-2023-upgrade-nasm-debuginfoamazon-linux-2023-upgrade-nasm-debugsourceamazon-linux-2023-upgrade-nasm-docamazon-linux-2023-upgrade-nasm-rdoffamazon-linux-2023-upgrade-nasm-rdoff-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.