CVE-2017-10686
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-10686
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Netwide Assembler tool nasm 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Netwide Assembler (NASM)是一个基于Linux的汇编器,它能够创建二进制文件并编写引导加载程序。tool nasm是NASM的用户工具。 NASM 2.14rc0版本中的tool nasm存在释放后重用漏洞。远程攻击者可利用该漏洞可能执行代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2017-10686
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-10686
Please Login to view more intelligence information
- https://bugzilla.nasm.us/show_bug.cgi?id=3392414x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2017-10686
Same Patch Batch · n/a · 2017-06-29 · 17 CVEs total
| CVE-2017-10683 | mpg123 缓冲区错误漏洞 | |
| CVE-2017-10684 | ncurses 缓冲区错误漏洞 | |
| CVE-2017-10685 | ncurses 格式化字符串漏洞 | |
| CVE-2017-10687 | LibSass 缓冲区错误漏洞 | |
| CVE-2017-10688 | Silicon Graphics LibTIFF 安全漏洞 | |
| CVE-2017-10678 | Piwigo 安全漏洞 | |
| CVE-2017-10679 | Piwigo 安全漏洞 | |
| CVE-2017-10680 | Piwigo 跨站请求伪造漏洞 | |
| CVE-2017-10681 | Piwigo 跨站请求伪造漏洞 | |
| CVE-2017-10682 | Piwigo SQL注入漏洞 | |
| CVE-2017-4997 | EMC VASA Provider Virtual Appliance 安全漏洞 | |
| CVE-2017-10671 | sthttpd 缓冲区错误漏洞 | |
| CVE-2017-10672 | Perl XML-LibXML模块安全漏洞 | |
| CVE-2017-10673 | Cagintranet Networks GetSimple CMS 跨站脚本漏洞 | |
| CVE-2016-10042 | Swisscom Arcadyan SLT-00 Star* 安全漏洞 | |
| CVE-2017-10667 | Zen Cart 跨站脚本漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8196
JeecgBoot mLogin Endpoint LoginController.java authorization - CVE-2026-8195
JeecgBoot SVG File CommonController.java cross site scriptin - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-8193
Akaunting Invoice PDF Rendering dompdf.php server-side reque - CVE-2026-8186
Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out-
V. Comments for CVE-2017-10686
No comments yet