Nasm Netwide Assembler vulnerabilities

CVE-2025-8842 [MEDIUM] CWE-119 CVE-2025-8842: A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the funct A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

CVE-2025-8845 [MEDIUM] CWE-119 CVE-2025-8845: A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function ass A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

CVE-2025-8844 [MEDIUM] CWE-404 CVE-2025-8844: A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the func A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

CVE-2025-8846 [MEDIUM] CWE-119 CVE-2025-8846: A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

CVE-2025-8843 [MEDIUM] CWE-119 CVE-2025-8843: A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_ A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

CVE-2020-21687 [MEDIUM] CWE-787 CVE-2020-21687: Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.

CVE-2023-38667 [MEDIUM] CWE-125 CVE-2023-38667: Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of s Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.

CVE-2023-38668 [MEDIUM] CWE-125 CVE-2023-38668: Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (c Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).

CVE-2020-21686 [MEDIUM] CWE-562 CVE-2020-21686: A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.

CVE-2020-21685 [MEDIUM] CWE-787 CVE-2020-21685: Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote atta Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.

CVE-2023-38665 [MEDIUM] CWE-476 CVE-2023-38665: Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of se Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).

CVE-2020-18780 [MEDIUM] CWE-416 CVE-2020-18780: A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attacke A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.

CVE-2020-21528 [MEDIUM] CVE-2020-21528: A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2 A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.

CVE-2022-29654 [MEDIUM] CWE-120 CVE-2022-29654: Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attacke Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.

CVE-2023-31722 [HIGH] CWE-787 CVE-2023-31722: There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891). There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).

CVE-2022-44370 [HIGH] CWE-787 CVE-2022-44370: NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/n NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856

CVE-2022-44369 [MEDIUM] CWE-476 CVE-2022-44369: NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c. NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.

CVE-2022-44368 [MEDIUM] CWE-476 CVE-2022-44368: NASM v2.16 was discovered to contain a null pointer deference in the NASM component NASM v2.16 was discovered to contain a null pointer deference in the NASM component

CVE-2022-46456 [MEDIUM] CWE-120 CVE-2022-46456: NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at / NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.

CVE-2022-46457 [MEDIUM] CWE-125 CVE-2022-46457: NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /o NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.