Nasm Netwide Assembler vulnerabilities
72 known vulnerabilities affecting nasm/netwide_assembler.
Total CVEs
72
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH14MEDIUM54LOW1
Vulnerabilities
Page 2 of 4
CVE-2022-41420MEDIUMCVSS 5.5v2.162022-10-03
CVE-2022-41420 [MEDIUM] CWE-787 CVE-2022-41420: nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component
nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component
nvd
CVE-2021-33450MEDIUMCVSS 5.5v2.162022-07-26
CVE-2021-33450 [MEDIUM] CWE-401 CVE-2021-33450: An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.
nvd
CVE-2021-33452MEDIUMCVSS 5.5v2.162022-07-26
CVE-2021-33452 [MEDIUM] CWE-401 CVE-2021-33452: An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.
nvd
CVE-2021-45256MEDIUMCVSS 5.5v2.162021-12-22
CVE-2021-45256 [MEDIUM] CWE-476 CVE-2021-45256: A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c.
A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c.
nvd
CVE-2021-45257MEDIUMCVSS 5.5v2.162021-12-22
CVE-2021-45257 [MEDIUM] CWE-835 CVE-2021-45257: An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.
An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.
nvd
CVE-2020-18974LOWCVSS 3.3≥ 2.15, ≤ 2.15.052021-08-25
CVE-2020-18974 [LOW] CVE-2020-18974: Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service v
Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.
nvd
CVE-2020-24978CRITICALCVSS 9.8v2.15.042020-09-04
CVE-2020-24978 [CRITICAL] CWE-415 CVE-2020-24978: In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed
In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.
nvd
CVE-2020-24242MEDIUMCVSS 5.5v2.152020-08-25
CVE-2020-24242 [MEDIUM] CVE-2020-24242: In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessin
In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory.
nvd
CVE-2020-24241MEDIUMCVSS 5.5v2.152020-08-25
CVE-2020-24241 [MEDIUM] CWE-416 CVE-2020-24241: In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.
In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.
nvd
CVE-2019-20352HIGHCVSS 7.1v2.152020-01-06
CVE-2019-20352 [HIGH] CWE-125 CVE-2019-20352: In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file)
In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.
nvd
CVE-2019-20334MEDIUMCVSS 5.5v2.14.022020-01-04
CVE-2019-20334 [MEDIUM] CWE-674 CVE-2019-20334: In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This
In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.
nvd
CVE-2019-14248MEDIUMCVSS 5.5≥ 2.14, ≤ 2.14.022019-07-24
CVE-2019-14248 [MEDIUM] CWE-476 CVE-2019-14248: In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.
nvd
CVE-2019-8343HIGHCVSS 7.8v2.14.022019-02-15
CVE-2019-8343 [HIGH] CWE-416 CVE-2019-8343: In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.
In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.
nvd
CVE-2019-7147MEDIUMCVSS 5.5v2.142019-01-29
CVE-2019-7147 [MEDIUM] CWE-125 CVE-2019-7147: A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM)
A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.
nvd
CVE-2019-6291MEDIUMCVSS 5.5≤ 2.14.022019-01-15
CVE-2019-6291 [MEDIUM] CWE-674 CVE-2019-6291: An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02.
An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a
nvd
CVE-2019-6290MEDIUMCVSS 5.5≤ 2.14.022019-01-15
CVE-2019-6290 [MEDIUM] CWE-674 CVE-2019-6290: An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. Th
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a
nvd
CVE-2018-20538MEDIUMCVSS 5.5v2.14.02018-12-28
CVE-2018-20538 [MEDIUM] CWE-416 CVE-2018-20538: There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc1
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.
nvd
CVE-2018-20535MEDIUMCVSS 5.5v2.14.02018-12-28
CVE-2018-20535 [MEDIUM] CWE-416 CVE-2018-20535: There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc1
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.
nvd
CVE-2018-1000886MEDIUMCVSS 5.5v2.14.01rc5v2.152018-12-20
CVE-2018-1000886 [MEDIUM] CWE-119 CVE-2018-1000886: nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can
nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file.
nvd
CVE-2018-19755MEDIUMCVSS 5.5v12.142018-11-30
CVE-2018-19755 [MEDIUM] CWE-20 CVE-2018-19755: There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM
There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.
nvd