NASM Stack-Based Buffer Overflow Vulnerability in Version 2.17rc0

A stack-based buffer overflow vulnerability has been identified in NASM (Netwide Assembler) version 2.17rc0. The issue arises in the 'assemble_file' function within 'nasm.c', where insufficient bounds checking allows for writing beyond the limits of a stack-allocated buffer. This vulnerability can be exploited locally, leading to stack memory corruption that may cause a program crash or potentially allow for arbitrary code execution.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can corrupt adjacent stack memory, potentially overwriting critical data such as return addresses. This stack corruption can lead to a program crash or, in some cases, arbitrary code execution.

Reproduction

The vulnerability can be reproduced by compiling NASM with AddressSanitizer enabled and then executing it with a malformed assembly file that triggers the buffer overflow. The AddressSanitizer will report the stack-buffer-overflow error, indicating that the vulnerability has been successfully exploited.