Nasm Netwide Assembler vulnerabilities

CVE-2017-17811 [MEDIUM] CVE-2017-17811: In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.

CVE-2017-17815 [MEDIUM] CWE-754 CVE-2017-17815: In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/prepro In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.

CVE-2017-17812 [MEDIUM] CWE-125 CVE-2017-17812: In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken( In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.

CVE-2017-17817 [MEDIUM] CWE-416 CVE-2017-17817: In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that wi In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.

CVE-2017-17819 [MEDIUM] CWE-476 CVE-2017-17819: In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.

CVE-2017-17810 [MEDIUM] CWE-20 CVE-2017-17810: In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote d In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.

CVE-2017-14228 [MEDIUM] CWE-476 CVE-2017-14228: In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.

CVE-2017-11111 [HIGH] CWE-119 CVE-2017-11111: In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.

CVE-2017-10686 [HIGH] CWE-416 CVE-2017-10686: In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the t In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-link

CVE-2008-7177 [CRITICAL] CVE-2008-7177: Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.

CVE-2008-2719 [MEDIUM] CWE-189 CVE-2008-2719: Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context- Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.

CVE-2004-1287 [CRITICAL] CWE-787 CVE-2004-1287: Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.