NASM
by Nasm
Source repositories
CVEs (42)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-24978 | Cri | 0.64 | 9.8 | 0.01 | Sep 4, 2020 | In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7. | ||
| CVE-2026-6068 | Cri | 0.62 | 9.6 | 0.00 | Apr 10, 2026 | NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption… | ||
| CVE-2023-31722 | Hig | 0.51 | 7.8 | 0.00 | May 17, 2023 | There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891). | ||
| CVE-2022-44370 | Hig | 0.51 | 7.8 | 0.00 | Mar 29, 2023 | NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856 | ||
| CVE-2019-8343 | Hig | 0.51 | 7.8 | 0.01 | Feb 15, 2019 | In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. | ||
| CVE-2018-8883 | Hig | 0.51 | 7.8 | 0.00 | Mar 20, 2018 | Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags. | ||
| CVE-2018-8882 | Hig | 0.51 | 7.8 | 0.00 | Mar 20, 2018 | Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value. | ||
| CVE-2026-6069 | Hig | 0.49 | 7.5 | 0.00 | Apr 10, 2026 | NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity. | ||
| CVE-2018-8881 | Hig | 0.48 | 7.3 | 0.01 | Mar 20, 2018 | Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string. | ||
| CVE-2022-46456 | Med | 0.40 | 6.1 | 0.00 | Jan 4, 2023 | NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c. | ||
| CVE-2026-6067 | Med | 0.36 | 5.5 | 0.00 | Apr 10, 2026 | A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of… | ||
| CVE-2023-38668 | Med | 0.36 | 5.5 | 0.00 | Aug 22, 2023 | Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash). | ||
| CVE-2023-38667 | Med | 0.36 | 5.5 | 0.00 | Aug 22, 2023 | Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service. | ||
| CVE-2023-38665 | Med | 0.36 | 5.5 | 0.00 | Aug 22, 2023 | Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash). | ||
| CVE-2022-29654 | Med | 0.36 | 5.5 | 0.01 | Aug 22, 2023 | Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file. | ||
| CVE-2020-21687 | Med | 0.36 | 5.5 | 0.00 | Aug 22, 2023 | Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. | ||
| CVE-2020-21686 | Med | 0.36 | 5.5 | 0.00 | Aug 22, 2023 | A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file. | ||
| CVE-2020-21685 | Med | 0.36 | 5.5 | 0.00 | Aug 22, 2023 | Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. | ||
| CVE-2020-21528 | Med | 0.36 | 5.5 | 0.00 | Aug 22, 2023 | A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file. | ||
| CVE-2020-18780 | Med | 0.36 | 5.5 | 0.00 | Aug 22, 2023 | A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command. |
- risk 0.64cvss 9.8epss 0.01
In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.
- risk 0.62cvss 9.6epss 0.00
NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption…
- risk 0.51cvss 7.8epss 0.00
There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).
- risk 0.51cvss 7.8epss 0.00
NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856
- risk 0.51cvss 7.8epss 0.01
In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.
- risk 0.51cvss 7.8epss 0.00
Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.
- risk 0.51cvss 7.8epss 0.00
Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.
- risk 0.49cvss 7.5epss 0.00
NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.
- risk 0.48cvss 7.3epss 0.01
Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.
- risk 0.40cvss 6.1epss 0.00
NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
- risk 0.36cvss 5.5epss 0.00
A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of…
- risk 0.36cvss 5.5epss 0.00
Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).
- risk 0.36cvss 5.5epss 0.00
Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.
- risk 0.36cvss 5.5epss 0.00
Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).
- risk 0.36cvss 5.5epss 0.01
Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.
- risk 0.36cvss 5.5epss 0.00
Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
- risk 0.36cvss 5.5epss 0.00
A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.
- risk 0.36cvss 5.5epss 0.00
Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
- risk 0.36cvss 5.5epss 0.00
A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.
- risk 0.36cvss 5.5epss 0.00
A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.
Page 1 of 3