Nasm Netwide Assembler vulnerabilities

CVE-2018-19215 [HIGH] CWE-125 CVE-2018-19215: Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/pre Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.

CVE-2018-19216 [HIGH] CWE-416 CVE-2018-19216: Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c. Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.

CVE-2018-19214 [HIGH] CWE-125 CVE-2018-19214: Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/pre Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.

CVE-2018-19213 [MEDIUM] CWE-772 CVE-2018-19213: Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_mal Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.

CVE-2018-19209 [MEDIUM] CWE-476 CVE-2018-19209: Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/l Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.

CVE-2018-16999 [MEDIUM] CWE-787 CVE-2018-16999: Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.

CVE-2018-16517 [MEDIUM] CWE-476 CVE-2018-16517: asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the atta asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.

CVE-2018-1000667 [MEDIUM] CWE-119 CVE-2018-1000667: NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack a

CVE-2018-16382 [MEDIUM] CWE-125 CVE-2018-16382: Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.

CVE-2018-10316 [MEDIUM] CWE-190 CVE-2018-10316: Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.

CVE-2018-10254 [HIGH] CWE-125 CVE-2018-10254: Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disas Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.

CVE-2018-10016 [MEDIUM] CWE-369 CVE-2018-10016: Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/e Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.

CVE-2018-8882 [HIGH] CWE-119 CVE-2018-8882: Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.

CVE-2018-8881 [HIGH] CWE-125 CVE-2018-8881: Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in as Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.

CVE-2018-8883 [HIGH] CWE-125 CVE-2018-8883: Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser. Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.

CVE-2017-17818 [HIGH] CWE-125 CVE-2017-17818: In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.

CVE-2017-17816 [MEDIUM] CWE-416 CVE-2017-17816: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that w In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.

CVE-2017-17813 [MEDIUM] CWE-416 CVE-2017-17813: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.

CVE-2017-17814 [MEDIUM] CWE-416 CVE-2017-17814: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.

CVE-2017-17820 [MEDIUM] CWE-416 CVE-2017-17820: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.