What is CVE-2017-10686?

CVE-2017-10686 is a high-severity vulnerability in Nasm Netwide_assembler, classified under Use After Free. CVSS score: 7.8/10. Published 2017-06-29.

How severe is CVE-2017-10686?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2017-10686 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Use After Free in Nasm Netwide_assembler

CVE-2017-10686

In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used a…

Vulnerability class: Use-After-Free

EPSS: 0.005 (64.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Nasm Netwide_assembler — versions 2.14
Canonical Ubuntu_linux — versions 14.04
N/a — versions n/a

Weakness classification (CWE)

CWE-416 — Use After Free

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
cve@mitre.org (Exploit, Patch, VDB Entry, Third Party Advisory, x_refsource_MISC, Issue Tracking)
cve@mitre.org (vendor-advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2017-10686?: CVE-2017-10686 is a high-severity vulnerability in Nasm Netwide_assembler, classified under Use After Free. CVSS score: 7.8/10. Published 2017-06-29.
How severe is CVE-2017-10686?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2017-10686 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.