CVE-2022-44370

7.8 HIGH

📋 TL;DR

CVE-2022-44370 is a heap buffer overflow vulnerability in NASM (Netwide Assembler) v2.16 that allows attackers to execute arbitrary code or cause denial of service. The vulnerability affects systems using NASM to process malicious assembly files. Users and developers who compile assembly code with vulnerable NASM versions are at risk.

💻 Affected Systems

Products:
  • NASM (Netwide Assembler)
Versions: Version 2.16 specifically
Operating Systems: All operating systems running NASM
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects NASM 2.16; other versions are not vulnerable. The vulnerability is in the quote_for_pmake() function.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise if NASM processes attacker-controlled input.

🟠 Likely Case

Application crash (denial of service) when processing specially crafted assembly files.

🟢 If Mitigated

Limited impact if NASM only processes trusted assembly files from secure sources.

🌐 Internet-Facing: LOW - NASM is typically used as a development tool, not directly internet-exposed.
🏢 Internal Only: MEDIUM - Could be exploited via malicious assembly files in development pipelines or build systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires feeding malicious input to NASM, typically through assembly files. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: NASM 2.16.01 or later

Vendor Advisory: https://bugzilla.nasm.us/show_bug.cgi?id=3392815

Restart Required: No

Instructions:

1. Download the latest NASM from https://www.nasm.us/
2. Compile and install it following the official instructions
3. Verify the installation: 'nasm -v' should report 2.16.01 or higher

🔧 Temporary Workarounds

Avoid processing untrusted assembly files (all platforms)

Only use NASM with trusted assembly source files from verified sources

Use alternative assembler (all platforms)

Temporarily switch to YASM or other assemblers until NASM is patched

🧯 If You Can't Patch

  • Restrict NASM usage to trusted users only
  • Implement file integrity monitoring on assembly source files

🔍 How to Verify

Check if Vulnerable:

Run 'nasm -v' and check whether the reported version is '2.16' with no '.01' or higher suffix

Check Version:

nasm -v

Verify Fix Applied:

Run 'nasm -v' and confirm version is 2.16.01 or higher
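
A version check that avoids the substring pitfall in the steps above (a plain match on '2.16' also matches the fixed 2.16.01), as an added example that is not part of the original advisory. The function names and the sample banners are constructed for illustration; the script assumes the banner form "NASM version <ver> compiled on <date>", and reporting pre-release builds such as 2.16rc* as "unknown" is an assumption, since the page does not address them.

```shell
#!/bin/sh
# Added example: classify `nasm -v` output for CVE-2022-44370.
# Assumption: the banner looks like "NASM version <ver> compiled on <date>".

# nasm_cve_status BANNER
# Prints one of: vulnerable | not-vulnerable | unknown
nasm_cve_status() {
    banner=$1
    # Take the token that follows "NASM version"; empty if the banner is unexpected.
    ver=$(printf '%s\n' "$banner" | sed -n 's/^NASM version \([^ ]*\).*/\1/p')
    case $ver in
        '')       echo unknown ;;          # could not parse the banner
        2.16)     echo vulnerable ;;       # exactly 2.16, the affected release
        2.16rc*)  echo unknown ;;          # pre-release: not covered by the page (assumption)
        *)        echo not-vulnerable ;;   # 2.16.01 and later, or any other release
    esac
}

# check_local_nasm
# Runs the installed nasm, if any, and classifies it.
check_local_nasm() {
    if ! command -v nasm >/dev/null 2>&1; then
        echo "nasm not installed"
        return 2
    fi
    nasm_cve_status "$(nasm -v 2>/dev/null)"
}

# Constructed sample banners showing each outcome.
for sample in \
    "NASM version 2.16 compiled on Dec 20 2022" \
    "NASM version 2.16.01 compiled on Jan  5 2023" \
    "NASM version 2.15.05 compiled on Aug 28 2020" \
    "NASM version 2.16rc12 compiled on Nov  1 2022"
do
    printf '%-48s -> %s\n' "$sample" "$(nasm_cve_status "$sample")"
done
```

On a build host, call check_local_nasm and fail the pipeline when it prints "vulnerable".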

📡 Detection & Monitoring

Log Indicators:

  • NASM process crashes with segmentation faults
  • Unexpected termination of build processes using NASM

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Process name contains 'nasm' AND (Exit code = 139 OR Signal = SIGSEGV)
