Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2017-10686: SUSE Linux Security Advisory

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

SUSE: CVE-2017-10686: SUSE Linux Security Advisory

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

06/29/2017

Created

07/25/2018

Added

08/04/2017

Modified

06/20/2021

Description

In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.

Solution(s)

suse-upgrade-firefox-atk-lang
suse-upgrade-firefox-gdk-pixbuf-lang
suse-upgrade-firefox-gdk-pixbuf-query-loaders
suse-upgrade-firefox-gdk-pixbuf-thumbnailer
suse-upgrade-firefox-gio-branding-upstream
suse-upgrade-firefox-glib2-lang
suse-upgrade-firefox-glib2-tools
suse-upgrade-firefox-gtk3-branding-upstream
suse-upgrade-firefox-gtk3-data
suse-upgrade-firefox-gtk3-immodule-amharic
suse-upgrade-firefox-gtk3-immodule-inuktitut
suse-upgrade-firefox-gtk3-immodule-multipress
suse-upgrade-firefox-gtk3-immodule-thai
suse-upgrade-firefox-gtk3-immodule-vietnamese
suse-upgrade-firefox-gtk3-immodule-xim
suse-upgrade-firefox-gtk3-immodules-tigrigna
suse-upgrade-firefox-gtk3-lang
suse-upgrade-firefox-gtk3-tools
suse-upgrade-firefox-libatk-1_0-0
suse-upgrade-firefox-libcairo-gobject2
suse-upgrade-firefox-libcairo2
suse-upgrade-firefox-libffi4
suse-upgrade-firefox-libffi7
suse-upgrade-firefox-libgdk_pixbuf-2_0-0
suse-upgrade-firefox-libgtk-3-0
suse-upgrade-firefox-libharfbuzz0
suse-upgrade-firefox-libpango-1_0-0
suse-upgrade-libfirefox-gio-2_0-0
suse-upgrade-libfirefox-glib-2_0-0
suse-upgrade-libfirefox-gmodule-2_0-0
suse-upgrade-libfirefox-gobject-2_0-0
suse-upgrade-libfirefox-gthread-2_0-0
suse-upgrade-libfreebl3
suse-upgrade-libfreebl3-32bit
suse-upgrade-libsoftokn3
suse-upgrade-libsoftokn3-32bit
suse-upgrade-mozilla-nspr
suse-upgrade-mozilla-nspr-32bit
suse-upgrade-mozilla-nspr-devel
suse-upgrade-mozilla-nss
suse-upgrade-mozilla-nss-32bit
suse-upgrade-mozilla-nss-certs
suse-upgrade-mozilla-nss-certs-32bit
suse-upgrade-mozilla-nss-devel
suse-upgrade-mozilla-nss-tools
suse-upgrade-mozillafirefox
suse-upgrade-mozillafirefox-branding-sled
suse-upgrade-mozillafirefox-translations-common
suse-upgrade-mozillafirefox-translations-other
suse-upgrade-nasm

References

SUSE-SU-2017:2044-1
SUSE-SU-2017:2045-1
SUSE-SU-2019:14246-1
GLSA-201903-19
USN-3694-1
CVE-2017-10686

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2017-10686: SUSE Linux Security Advisory

SUSE: CVE-2017-10686: SUSE Linux Security Advisory

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.