rpm package
suse/nasm&distro=SUSE Linux Enterprise Module for Development Tools 15 SP1
pkg:rpm/suse/nasm&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1
Vulnerabilities (13)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-19216 | — | < 2.14.02-3.4.1 | 2.14.02-3.4.1 | Nov 12, 2018 | Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c. | ||
| CVE-2018-19215 | — | < 2.14.02-3.4.1 | 2.14.02-3.4.1 | Nov 12, 2018 | Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters. | ||
| CVE-2018-19214 | — | < 2.14.02-3.4.1 | 2.14.02-3.4.1 | Nov 12, 2018 | Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. | ||
| CVE-2018-16999 | Med | 5.5 | < 2.14.02-3.4.1 | 2.14.02-3.4.1 | Sep 13, 2018 | Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file. | |
| CVE-2018-16517 | Med | 5.5 | < 2.14.02-3.4.1 | 2.14.02-3.4.1 | Sep 6, 2018 | asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file. | |
| CVE-2018-1000667 | Med | 5.5 | < 2.14.02-3.4.1 | 2.14.02-3.4.1 | Sep 6, 2018 | NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c | |
| CVE-2018-16382 | Med | 5.5 | < 2.14.02-3.4.1 | 2.14.02-3.4.1 | Sep 3, 2018 | Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. | |
| CVE-2018-10316 | Med | 5.5 | < 2.14.02-3.4.1 | 2.14.02-3.4.1 | Apr 24, 2018 | Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow. | |
| CVE-2018-10254 | Hig | 7.8 | < 2.14.02-3.4.1 | 2.14.02-3.4.1 | Apr 21, 2018 | Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file. | |
| CVE-2018-10016 | Med | 5.5 | < 2.14.02-3.4.1 | 2.14.02-3.4.1 | Apr 11, 2018 | Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file. | |
| CVE-2018-8883 | Hig | 7.8 | < 2.14.02-3.4.1 | 2.14.02-3.4.1 | Mar 20, 2018 | Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags. | |
| CVE-2018-8882 | Hig | 7.8 | < 2.14.02-3.4.1 | 2.14.02-3.4.1 | Mar 20, 2018 | Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value. | |
| CVE-2018-8881 | Hig | 7.3 | < 2.14.02-3.4.1 | 2.14.02-3.4.1 | Mar 20, 2018 | Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string. |
- CVE-2018-19216Nov 12, 2018affected < 2.14.02-3.4.1fixed 2.14.02-3.4.1
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
- CVE-2018-19215Nov 12, 2018affected < 2.14.02-3.4.1fixed 2.14.02-3.4.1
Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.
- CVE-2018-19214Nov 12, 2018affected < 2.14.02-3.4.1fixed 2.14.02-3.4.1
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.
- affected < 2.14.02-3.4.1fixed 2.14.02-3.4.1
Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.
- affected < 2.14.02-3.4.1fixed 2.14.02-3.4.1
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.
- affected < 2.14.02-3.4.1fixed 2.14.02-3.4.1
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c
- affected < 2.14.02-3.4.1fixed 2.14.02-3.4.1
Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.
- affected < 2.14.02-3.4.1fixed 2.14.02-3.4.1
Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.
- affected < 2.14.02-3.4.1fixed 2.14.02-3.4.1
Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
- affected < 2.14.02-3.4.1fixed 2.14.02-3.4.1
Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.
- affected < 2.14.02-3.4.1fixed 2.14.02-3.4.1
Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.
- affected < 2.14.02-3.4.1fixed 2.14.02-3.4.1
Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.
- affected < 2.14.02-3.4.1fixed 2.14.02-3.4.1
Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.