Nasm : Security Vulnerabilities, CVEs, (Denial of service)
In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
Max CVSS
7.8
EPSS Score
0.52%
Published
2017-07-08
Updated
2019-03-28
Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
Max CVSS
7.8
EPSS Score
0.44%
Published
2018-04-21
Updated
2020-07-13
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.
Max CVSS
7.5
EPSS Score
0.13%
Published
2017-12-21
Updated
2019-10-03
Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.
Max CVSS
6.8
EPSS Score
1.42%
Published
2008-06-16
Updated
2018-10-30
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.
Max CVSS
5.5
EPSS Score
0.42%
Published
2017-09-09
Updated
2019-03-28
In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.
Max CVSS
5.5
EPSS Score
0.48%
Published
2017-12-21
Updated
2019-03-26
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.
Max CVSS
5.5
EPSS Score
0.15%
Published
2017-12-21
Updated
2019-03-26
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.
Max CVSS
5.5
EPSS Score
0.38%
Published
2017-12-21
Updated
2019-10-03
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.
Max CVSS
5.5
EPSS Score
0.16%
Published
2017-12-21
Updated
2019-03-26
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.
Max CVSS
5.5
EPSS Score
0.16%
Published
2017-12-21
Updated
2019-03-26
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.
Max CVSS
5.5
EPSS Score
0.38%
Published
2017-12-21
Updated
2019-03-26
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.
Max CVSS
5.5
EPSS Score
0.16%
Published
2017-12-21
Updated
2019-03-26
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.
Max CVSS
5.5
EPSS Score
0.08%
Published
2017-12-21
Updated
2022-08-02
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.
Max CVSS
5.5
EPSS Score
0.38%
Published
2017-12-21
Updated
2022-08-02
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.
Max CVSS
5.5
EPSS Score
0.08%
Published
2017-12-21
Updated
2022-08-02
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.
Max CVSS
5.5
EPSS Score
0.20%
Published
2018-09-06
Updated
2020-11-10
Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.
Max CVSS
5.5
EPSS Score
0.18%
Published
2018-09-13
Updated
2020-07-13
Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.
Max CVSS
5.5
EPSS Score
0.06%
Published
2018-11-12
Updated
2018-12-13
Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.
Max CVSS
5.5
EPSS Score
0.05%
Published
2018-11-12
Updated
2019-10-03
There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.
Max CVSS
5.5
EPSS Score
0.06%
Published
2018-11-30
Updated
2018-12-21
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.
Max CVSS
5.5
EPSS Score
0.07%
Published
2018-12-28
Updated
2019-01-18
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.
Max CVSS
5.5
EPSS Score
0.06%
Published
2018-12-28
Updated
2019-01-10
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
Max CVSS
5.5
EPSS Score
0.08%
Published
2019-01-15
Updated
2020-08-24
An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
Max CVSS
5.5
EPSS Score
0.08%
Published
2019-01-15
Updated
2020-08-24
A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.
Max CVSS
5.5
EPSS Score
0.06%
Published
2019-01-29
Updated
2020-08-24