CVE-2018-16517

MEDIUM

Netwide Assembler < 2.13.03 - Denial of Service via Crafted File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-16517. PoCs published by Fakhri Zulkifli.

AI-analyzed exploit summary This PoC demonstrates a NULL pointer dereference vulnerability in NASM 2.14rc15 and earlier, triggered by a crafted assembly file. The issue occurs in `asm/labels.c` when `insn_is_label` remains FALSE, leaving `result->label` as NULL, which is then dereferenced in `islocal()`.

Description

asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.

Exploits (1)

exploitdb WORKING POC

by Fakhri Zulkifli · textdosmultiple

https://www.exploit-db.com/exploits/46726

View Code ZIP pw:eip

This PoC demonstrates a NULL pointer dereference vulnerability in NASM 2.14rc15 and earlier, triggered by a crafted assembly file. The issue occurs in `asm/labels.c` when `insn_is_label` remains FALSE, leaving `result->label` as NULL, which is then dereferenced in `islocal()`.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Netwide Assembler (NASM) 2.14rc15 and earlier

No auth needed

Prerequisites: A crafted assembly file with specific content

MITRE ATT&CK