Vendor CVEs
Nasm
All CVEs
73 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-45256 | 0.00 | — | 0.01 | Dec 22, 2021 | A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c. | |||
| CVE-2020-18974 | 0.00 | — | 0.01 | Aug 25, 2021 | Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147. | |||
| CVE-2020-24978 | 0.00 | — | 0.01 | Sep 3, 2020 | In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7. | |||
| CVE-2020-24242 | 0.00 | — | 0.01 | Aug 25, 2020 | In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory. | |||
| CVE-2020-24241 | 0.00 | — | 0.01 | Aug 25, 2020 | In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c. | |||
| CVE-2019-20352 | 0.00 | — | 0.01 | Jan 6, 2020 | In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c. | |||
| CVE-2019-20334 | 0.00 | — | 0.01 | Jan 4, 2020 | In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291. | |||
| CVE-2019-14248 | 0.00 | — | 0.01 | Jul 24, 2019 | In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled. | |||
| CVE-2019-8343 | 0.00 | — | 0.01 | Feb 15, 2019 | In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. | |||
| CVE-2019-7147 | 0.00 | — | 0.01 | Jan 29, 2019 | A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service. | |||
| CVE-2019-6290 | 0.00 | — | 0.01 | Jan 15, 2019 | An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote… | |||
| CVE-2019-6291 | 0.00 | — | 0.01 | Jan 15, 2019 | An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote… | |||
| CVE-2018-20538 | 0.00 | — | 0.01 | Dec 28, 2018 | There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests. | |||
| CVE-2018-20535 | 0.00 | — | 0.01 | Dec 28, 2018 | There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt. | |||
| CVE-2018-1000886 | 0.00 | — | 0.01 | Dec 20, 2018 | nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file. | |||
| CVE-2018-19755 | 0.00 | — | 0.01 | Nov 30, 2018 | There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer. | |||
| CVE-2018-19216 | 0.00 | — | 0.01 | Nov 12, 2018 | Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c. | |||
| CVE-2018-19213 | 0.00 | — | 0.01 | Nov 12, 2018 | Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c. | |||
| CVE-2018-19215 | 0.00 | — | 0.01 | Nov 12, 2018 | Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters. | |||
| CVE-2018-19214 | 0.00 | — | 0.01 | Nov 12, 2018 | Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input. | |||
| CVE-2018-19209 | 0.00 | — | 0.01 | Nov 12, 2018 | Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack. | |||
| CVE-2008-7177 | 0.00 | — | 0.02 | Sep 8, 2009 | Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719. | |||
| CVE-2005-1194 | 0.00 | — | 0.01 | May 4, 2005 | Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287. |
- CVE-2021-45256Dec 22, 2021risk 0.00cvss —epss 0.01
A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c.
- CVE-2020-18974Aug 25, 2021risk 0.00cvss —epss 0.01
Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.
- CVE-2020-24978Sep 3, 2020risk 0.00cvss —epss 0.01
In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.
- CVE-2020-24242Aug 25, 2020risk 0.00cvss —epss 0.01
In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory.
- CVE-2020-24241Aug 25, 2020risk 0.00cvss —epss 0.01
In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.
- CVE-2019-20352Jan 6, 2020risk 0.00cvss —epss 0.01
In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.
- CVE-2019-20334Jan 4, 2020risk 0.00cvss —epss 0.01
In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.
- CVE-2019-14248Jul 24, 2019risk 0.00cvss —epss 0.01
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.
- CVE-2019-8343Feb 15, 2019risk 0.00cvss —epss 0.01
In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.
- CVE-2019-7147Jan 29, 2019risk 0.00cvss —epss 0.01
A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.
- CVE-2019-6290Jan 15, 2019risk 0.00cvss —epss 0.01
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote…
- CVE-2019-6291Jan 15, 2019risk 0.00cvss —epss 0.01
An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote…
- CVE-2018-20538Dec 28, 2018risk 0.00cvss —epss 0.01
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.
- CVE-2018-20535Dec 28, 2018risk 0.00cvss —epss 0.01
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.
- CVE-2018-1000886Dec 20, 2018risk 0.00cvss —epss 0.01
nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file.
- CVE-2018-19755Nov 30, 2018risk 0.00cvss —epss 0.01
There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.
- CVE-2018-19216Nov 12, 2018risk 0.00cvss —epss 0.01
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
- CVE-2018-19213Nov 12, 2018risk 0.00cvss —epss 0.01
Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.
- CVE-2018-19215Nov 12, 2018risk 0.00cvss —epss 0.01
Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.
- CVE-2018-19214Nov 12, 2018risk 0.00cvss —epss 0.01
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.
- CVE-2018-19209Nov 12, 2018risk 0.00cvss —epss 0.01
Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.
- CVE-2008-7177Sep 8, 2009risk 0.00cvss —epss 0.02
Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.
- CVE-2005-1194May 4, 2005risk 0.00cvss —epss 0.01
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
Page 2 of 2