Vulnerabilites related to nasm - netwide_assembler
cve-2022-46456
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:31:46.336Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392814", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-04T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392814", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-46456", datePublished: "2023-01-04T00:00:00", dateReserved: "2022-12-05T00:00:00", dateUpdated: "2024-08-03T14:31:46.336Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-21687
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 19:58
Severity ?
EPSS score ?
Summary
Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:30:33.673Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392645", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-21687", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T19:58:18.308631Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-03T19:58:29.098Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-22T15:44:36.166716", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392645", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-21687", datePublished: "2023-08-22T00:00:00", dateReserved: "2020-08-13T00:00:00", dateUpdated: "2024-10-03T19:58:29.098Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-19213
Vulnerability from cvelistv5
Published
2018-11-12 19:00
Modified
2024-09-16 18:29
Severity ?
EPSS score ?
Summary
Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392524 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:30:04.035Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392524", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-12T19:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392524", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-19213", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392524", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392524", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-19213", datePublished: "2018-11-12T19:00:00Z", dateReserved: "2018-11-12T00:00:00Z", dateUpdated: "2024-09-16T18:29:28.647Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8883
Vulnerability from cvelistv5
Published
2018-03-20 23:00
Modified
2024-08-05 07:10
Severity ?
EPSS score ?
Summary
Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392447 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:10:46.508Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392447", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-20T00:00:00", descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-13T20:06:25", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392447", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-8883", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392447", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392447", }, { name: "openSUSE-SU-2020:0952", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-8883", datePublished: "2018-03-20T23:00:00", dateReserved: "2018-03-20T00:00:00", dateUpdated: "2024-08-05T07:10:46.508Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10016
Vulnerability from cvelistv5
Published
2018-04-11 05:00
Modified
2024-08-05 07:32
Severity ?
EPSS score ?
Summary
Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392473 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:32:01.282Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392473", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-04-11T00:00:00", descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-13T20:06:22", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392473", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-10016", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392473", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392473", }, { name: "openSUSE-SU-2020:0952", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-10016", datePublished: "2018-04-11T05:00:00", dateReserved: "2018-04-11T00:00:00", dateUpdated: "2024-08-05T07:32:01.282Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-16999
Vulnerability from cvelistv5
Published
2018-09-13 16:00
Modified
2024-08-05 10:39
Severity ?
EPSS score ?
Summary
Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392508 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:39:59.391Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392508", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-09-13T00:00:00", descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-13T20:06:22", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392508", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-16999", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392508", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392508", }, { name: "openSUSE-SU-2020:0952", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-16999", datePublished: "2018-09-13T16:00:00", dateReserved: "2018-09-13T00:00:00", dateUpdated: "2024-08-05T10:39:59.391Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17818
Vulnerability from cvelistv5
Published
2017-12-21 03:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3694-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.nasm.us/show_bug.cgi?id=3392428 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:59:17.981Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3694-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392428", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-12-20T00:00:00", descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-29T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3694-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392428", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-17818", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3694-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3694-1/", }, { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392428", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392428", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-17818", datePublished: "2017-12-21T03:00:00", dateReserved: "2017-12-20T00:00:00", dateUpdated: "2024-08-05T20:59:17.981Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-44370
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2024-08-03 13:54
Severity ?
EPSS score ?
Summary
NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392815 | ||
| https://security.gentoo.org/glsa/202312-09 | vendor-advisory |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:54:02.572Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392815", }, { name: "GLSA-202312-09", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202312-09", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-22T13:06:18.453506", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392815", }, { name: "GLSA-202312-09", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202312-09", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-44370", datePublished: "2023-03-29T00:00:00", dateReserved: "2022-10-30T00:00:00", dateUpdated: "2024-08-03T13:54:02.572Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8881
Vulnerability from cvelistv5
Published
2018-03-20 23:00
Modified
2024-08-05 07:10
Severity ?
EPSS score ?
Summary
Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392446 | x_refsource_MISC | |
| https://usn.ubuntu.com/3694-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:10:46.928Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392446", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3694-1/", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-20T00:00:00", descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-13T20:06:26", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392446", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3694-1/", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-8881", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392446", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392446", }, { name: "USN-3694-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3694-1/", }, { name: "openSUSE-SU-2020:0952", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-8881", datePublished: "2018-03-20T23:00:00", dateReserved: "2018-03-20T00:00:00", dateUpdated: "2024-08-05T07:10:46.928Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-11111
Vulnerability from cvelistv5
Published
2017-07-08 17:00
Modified
2024-08-05 17:57
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392415 | x_refsource_MISC | |
| https://usn.ubuntu.com/3694-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/201903-19 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:57:57.993Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392415", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3694-1/", }, { name: "GLSA-201903-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201903-19", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-07-08T00:00:00", descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-28T04:06:14", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392415", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3694-1/", }, { name: "GLSA-201903-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201903-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-11111", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392415", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392415", }, { name: "USN-3694-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3694-1/", }, { name: "GLSA-201903-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201903-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-11111", datePublished: "2017-07-08T17:00:00", dateReserved: "2017-07-08T00:00:00", dateUpdated: "2024-08-05T17:57:57.993Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20352
Vulnerability from cvelistv5
Published
2020-01-06 05:05
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392636 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:39:09.821Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392636", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-06T05:05:20", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392636", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20352", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392636", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392636", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20352", datePublished: "2020-01-06T05:05:20", dateReserved: "2020-01-06T00:00:00", dateUpdated: "2024-08-05T02:39:09.821Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33450
Vulnerability from cvelistv5
Published
2022-07-26 12:26
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392758 | x_refsource_MISC | |
| https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:50:42.431Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392758", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-26T12:26:31", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392758", }, { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-33450", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392758", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392758", }, { name: "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d", refsource: "MISC", url: "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-33450", datePublished: "2022-07-26T12:26:31", dateReserved: "2021-05-20T00:00:00", dateUpdated: "2024-08-03T23:50:42.431Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-14228
Vulnerability from cvelistv5
Published
2017-09-09 08:00
Modified
2024-08-05 19:20
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392423 | x_refsource_MISC | |
| https://usn.ubuntu.com/3694-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://security.gentoo.org/glsa/201903-19 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T19:20:41.326Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392423", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3694-1/", }, { name: "GLSA-201903-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201903-19", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-09-09T00:00:00", descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-28T04:06:14", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392423", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3694-1/", }, { name: "GLSA-201903-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201903-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-14228", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392423", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392423", }, { name: "USN-3694-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3694-1/", }, { name: "GLSA-201903-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201903-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-14228", datePublished: "2017-09-09T08:00:00", dateReserved: "2017-09-09T00:00:00", dateUpdated: "2024-08-05T19:20:41.326Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-8343
Vulnerability from cvelistv5
Published
2019-02-15 07:00
Modified
2024-09-16 18:33
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392556 | ||
| https://security.gentoo.org/glsa/202312-09 | vendor-advisory |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T21:17:31.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392556", }, { name: "GLSA-202312-09", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202312-09", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-02-15T00:00:00", descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-22T13:06:20.078894", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392556", }, { name: "GLSA-202312-09", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202312-09", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-8343", datePublished: "2019-02-15T07:00:00Z", dateReserved: "2019-02-15T00:00:00Z", dateUpdated: "2024-09-16T18:33:18.676Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38667
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 13:30
Severity ?
EPSS score ?
Summary
Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.911Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392812", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38667", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T13:30:07.250523Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-03T13:30:15.955Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-22T15:44:38.537089", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392812", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-38667", datePublished: "2023-08-22T00:00:00", dateReserved: "2023-07-23T00:00:00", dateUpdated: "2024-10-03T13:30:15.955Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-24242
Vulnerability from cvelistv5
Published
2020-08-25 13:54
Modified
2024-08-04 15:12
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392708 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:12:07.865Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392708", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-08-25T13:54:42", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392708", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-24242", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392708", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392708", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-24242", datePublished: "2020-08-25T13:54:42", dateReserved: "2020-08-13T00:00:00", dateUpdated: "2024-08-04T15:12:07.865Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-16382
Vulnerability from cvelistv5
Published
2018-09-03 02:00
Modified
2024-08-05 10:24
Severity ?
EPSS score ?
Summary
Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392503 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:24:31.980Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392503", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-09-02T00:00:00", descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-13T20:06:27", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392503", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-16382", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392503", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392503", }, { name: "openSUSE-SU-2020:0952", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-16382", datePublished: "2018-09-03T02:00:00", dateReserved: "2018-09-02T00:00:00", dateUpdated: "2024-08-05T10:24:31.980Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10316
Vulnerability from cvelistv5
Published
2018-04-24 02:00
Modified
2024-08-05 07:39
Severity ?
EPSS score ?
Summary
Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392474 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:39:08.206Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392474", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-04-23T00:00:00", descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-13T20:06:24", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392474", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-10316", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392474", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392474", }, { name: "openSUSE-SU-2020:0952", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-10316", datePublished: "2018-04-24T02:00:00", dateReserved: "2018-04-23T00:00:00", dateUpdated: "2024-08-05T07:39:08.206Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-6290
Vulnerability from cvelistv5
Published
2019-01-15 00:00
Modified
2024-09-16 16:38
Severity ?
EPSS score ?
Summary
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392548 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:16:24.778Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392548", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-15T00:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392548", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-6290", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392548", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392548", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-6290", datePublished: "2019-01-15T00:00:00Z", dateReserved: "2019-01-14T00:00:00Z", dateUpdated: "2024-09-16T16:38:59.227Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17819
Vulnerability from cvelistv5
Published
2017-12-21 03:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392435 | x_refsource_MISC | |
| https://usn.ubuntu.com/3694-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:59:18.008Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392435", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3694-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-12-20T00:00:00", descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-29T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392435", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3694-1/", }, { tags: [ "x_refsource_MISC", ], url: "http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-17819", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392435", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392435", }, { name: "USN-3694-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3694-1/", }, { name: "http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af", refsource: "MISC", url: "http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-17819", datePublished: "2017-12-21T03:00:00", dateReserved: "2017-12-20T00:00:00", dateUpdated: "2024-08-05T20:59:18.008Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-2719
Vulnerability from cvelistv5
Published
2008-06-16 23:00
Modified
2024-08-07 09:14
Severity ?
EPSS score ?
Summary
Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T09:14:14.437Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "29656", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29656", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://sourceforge.net/tracker/?func=detail&atid=106208&aid=1942146&group_id=6208", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://sourceforge.net/project/shownotes.php?group_id=6208&release_id=606115", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://repo.or.cz/w/nasm.git?a=commit%3Bh=76ec8e73db16f4cf1453a142d03bcc74d528f72f", }, { name: "MDVSA-2008:120", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:120", }, { name: "30594", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30594", }, { name: "nasm-ppscan-bo(42995)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42995", }, { name: "32059", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/32059", }, { name: "[oss-security] 20080611 Re: CVE id request: nasm off-by-one", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/06/11/5", }, { name: "ADV-2008-1811", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1811", }, { name: "USN-648-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/usn-648-1", }, { name: "1020259", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020259", }, { name: "[oss-security] 20080611 CVE id request: nasm off-by-one", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2008/06/11/4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-11T00:00:00", descriptions: [ { lang: "en", value: "Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-07T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "29656", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29656", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://sourceforge.net/tracker/?func=detail&atid=106208&aid=1942146&group_id=6208", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://sourceforge.net/project/shownotes.php?group_id=6208&release_id=606115", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://repo.or.cz/w/nasm.git?a=commit%3Bh=76ec8e73db16f4cf1453a142d03bcc74d528f72f", }, { name: "MDVSA-2008:120", tags: [ "vendor-advisory", "x_refsource_MANDRIVA", ], url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:120", }, { name: "30594", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30594", }, { name: "nasm-ppscan-bo(42995)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42995", }, { name: "32059", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/32059", }, { name: "[oss-security] 20080611 Re: CVE id request: nasm off-by-one", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/06/11/5", }, { name: "ADV-2008-1811", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1811", }, { name: "USN-648-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/usn-648-1", }, { name: "1020259", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020259", }, { name: "[oss-security] 20080611 CVE id request: nasm off-by-one", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2008/06/11/4", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-2719", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "29656", refsource: "BID", url: "http://www.securityfocus.com/bid/29656", }, { name: "https://sourceforge.net/tracker/?func=detail&atid=106208&aid=1942146&group_id=6208", refsource: "CONFIRM", url: "https://sourceforge.net/tracker/?func=detail&atid=106208&aid=1942146&group_id=6208", }, { name: "https://sourceforge.net/project/shownotes.php?group_id=6208&release_id=606115", refsource: "CONFIRM", url: "https://sourceforge.net/project/shownotes.php?group_id=6208&release_id=606115", }, { name: "http://repo.or.cz/w/nasm.git?a=commit;h=76ec8e73db16f4cf1453a142d03bcc74d528f72f", refsource: "CONFIRM", url: "http://repo.or.cz/w/nasm.git?a=commit;h=76ec8e73db16f4cf1453a142d03bcc74d528f72f", }, { name: "MDVSA-2008:120", refsource: "MANDRIVA", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:120", }, { name: "30594", refsource: "SECUNIA", url: "http://secunia.com/advisories/30594", }, { name: "nasm-ppscan-bo(42995)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42995", }, { name: "32059", refsource: "SECUNIA", url: "http://secunia.com/advisories/32059", }, { name: "[oss-security] 20080611 Re: CVE id request: nasm off-by-one", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/06/11/5", }, { name: "ADV-2008-1811", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1811", }, { name: "USN-648-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/usn-648-1", }, { name: "1020259", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020259", }, { name: "[oss-security] 20080611 CVE id request: nasm off-by-one", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2008/06/11/4", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-2719", datePublished: "2008-06-16T23:00:00", dateReserved: "2008-06-16T00:00:00", dateUpdated: "2024-08-07T09:14:14.437Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-21685
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-07 15:11
Severity ?
EPSS score ?
Summary
Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:30:33.530Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392644", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-21685", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-07T15:10:03.730482Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-07T15:11:02.947Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-22T15:44:34.645544", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392644", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-21685", datePublished: "2023-08-22T00:00:00", dateReserved: "2020-08-13T00:00:00", dateUpdated: "2024-10-07T15:11:02.947Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-19216
Vulnerability from cvelistv5
Published
2018-11-12 19:00
Modified
2024-08-05 11:30
Severity ?
EPSS score ?
Summary
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392424 | x_refsource_MISC | |
| https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:30:04.194Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392424", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-11-12T00:00:00", descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-13T20:06:28", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392424", }, { tags: [ "x_refsource_MISC", ], url: "https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-19216", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392424", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392424", }, { name: "https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9", refsource: "MISC", url: "https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9", }, { name: "openSUSE-SU-2020:0952", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-19216", datePublished: "2018-11-12T19:00:00", dateReserved: "2018-11-12T00:00:00", dateUpdated: "2024-08-05T11:30:04.194Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-16517
Vulnerability from cvelistv5
Published
2018-09-06 23:00
Modified
2024-08-05 10:24
Severity ?
EPSS score ?
Summary
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392513 | x_refsource_MISC | |
| https://fakhrizulkifli.github.io/CVE-2018-16517.html | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/46726/ | exploit, x_refsource_EXPLOIT-DB | |
| http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T10:24:32.767Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392513", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://fakhrizulkifli.github.io/CVE-2018-16517.html", }, { name: "46726", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/46726/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-09-05T00:00:00", descriptions: [ { lang: "en", value: "asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-13T20:06:28", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392513", }, { tags: [ "x_refsource_MISC", ], url: "https://fakhrizulkifli.github.io/CVE-2018-16517.html", }, { name: "46726", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/46726/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-16517", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392513", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392513", }, { name: "https://fakhrizulkifli.github.io/CVE-2018-16517.html", refsource: "MISC", url: "https://fakhrizulkifli.github.io/CVE-2018-16517.html", }, { name: "46726", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/46726/", }, { name: "http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html", }, { name: "openSUSE-SU-2020:0952", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-16517", datePublished: "2018-09-06T23:00:00", dateReserved: "2018-09-05T00:00:00", dateUpdated: "2024-08-05T10:24:32.767Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-14248
Vulnerability from cvelistv5
Published
2019-07-24 03:30
Modified
2024-08-05 00:12
Severity ?
EPSS score ?
Summary
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392576 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:12:42.584Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392576", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when \"%pragma limit\" is mishandled.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-07-24T03:30:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392576", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-14248", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when \"%pragma limit\" is mishandled.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392576", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392576", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-14248", datePublished: "2019-07-24T03:30:01", dateReserved: "2019-07-23T00:00:00", dateUpdated: "2024-08-05T00:12:42.584Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-18974
Vulnerability from cvelistv5
Published
2021-08-25 15:54
Modified
2024-08-04 14:08
Severity ?
EPSS score ?
Summary
Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392568 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:08:30.435Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392568", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-08-25T15:54:04", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392568", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-18974", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392568", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392568", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-18974", datePublished: "2021-08-25T15:54:04", dateReserved: "2020-08-13T00:00:00", dateUpdated: "2024-08-04T14:08:30.435Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2008-7177
Vulnerability from cvelistv5
Published
2009-09-08 10:00
Modified
2024-08-07 11:56
Severity ?
EPSS score ?
Summary
Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.vupen.com/english/advisories/2008/1939 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/29955 | vdb-entry, x_refsource_BID | |
| https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01000.html | vendor-advisory, x_refsource_FEDORA | |
| http://secunia.com/advisories/30836 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43441 | vdb-entry, x_refsource_XF | |
| http://www.securitytracker.com/id?1020378 | vdb-entry, x_refsource_SECTRACK | |
| http://sourceforge.net/project/shownotes.php?release_id=607497 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=452800 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T11:56:14.381Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "ADV-2008-1939", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2008/1939", }, { name: "29955", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/29955", }, { name: "FEDORA-2008-5473", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01000.html", }, { name: "30836", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/30836", }, { name: "nasm-listingmodule-bo(43441)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43441", }, { name: "1020378", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id?1020378", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://sourceforge.net/project/shownotes.php?release_id=607497", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=452800", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2008-06-17T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "ADV-2008-1939", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2008/1939", }, { name: "29955", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/29955", }, { name: "FEDORA-2008-5473", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01000.html", }, { name: "30836", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/30836", }, { name: "nasm-listingmodule-bo(43441)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43441", }, { name: "1020378", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id?1020378", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://sourceforge.net/project/shownotes.php?release_id=607497", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=452800", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2008-7177", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "ADV-2008-1939", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2008/1939", }, { name: "29955", refsource: "BID", url: "http://www.securityfocus.com/bid/29955", }, { name: "FEDORA-2008-5473", refsource: "FEDORA", url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01000.html", }, { name: "30836", refsource: "SECUNIA", url: "http://secunia.com/advisories/30836", }, { name: "nasm-listingmodule-bo(43441)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43441", }, { name: "1020378", refsource: "SECTRACK", url: "http://www.securitytracker.com/id?1020378", }, { name: "http://sourceforge.net/project/shownotes.php?release_id=607497", refsource: "CONFIRM", url: "http://sourceforge.net/project/shownotes.php?release_id=607497", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=452800", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=452800", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2008-7177", datePublished: "2009-09-08T10:00:00", dateReserved: "2009-09-07T00:00:00", dateUpdated: "2024-08-07T11:56:14.381Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-6291
Vulnerability from cvelistv5
Published
2019-01-15 00:00
Modified
2024-09-16 23:45
Severity ?
EPSS score ?
Summary
An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392549 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:16:24.744Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392549", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-15T00:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392549", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-6291", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392549", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392549", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-6291", datePublished: "2019-01-15T00:00:00Z", dateReserved: "2019-01-14T00:00:00Z", dateUpdated: "2024-09-16T23:45:29.320Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-45256
Vulnerability from cvelistv5
Published
2021-12-22 16:30
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392789 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:39:20.325Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392789", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-22T16:30:59", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392789", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45256", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392789", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392789", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45256", datePublished: "2021-12-22T16:30:59", dateReserved: "2021-12-20T00:00:00", dateUpdated: "2024-08-04T04:39:20.325Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17820
Vulnerability from cvelistv5
Published
2017-12-21 03:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3694-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.nasm.us/show_bug.cgi?id=3392433 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:59:17.961Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3694-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392433", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-12-20T00:00:00", descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-29T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3694-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392433", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-17820", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3694-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3694-1/", }, { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392433", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392433", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-17820", datePublished: "2017-12-21T03:00:00", dateReserved: "2017-12-20T00:00:00", dateUpdated: "2024-08-05T20:59:17.961Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-19755
Vulnerability from cvelistv5
Published
2018-11-30 03:00
Modified
2024-09-16 22:30
Severity ?
EPSS score ?
Summary
There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.
References
| ▼ | URL | Tags |
|---|---|---|
| https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb | x_refsource_MISC | |
| https://bugzilla.nasm.us/show_bug.cgi?id=3392528 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:44:20.171Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392528", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-11-30T03:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392528", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-19755", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb", refsource: "MISC", url: "https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb", }, { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392528", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392528", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-19755", datePublished: "2018-11-30T03:00:00Z", dateReserved: "2018-11-29T00:00:00Z", dateUpdated: "2024-09-16T22:30:53.890Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-10686
Vulnerability from cvelistv5
Published
2017-06-29 23:00
Modified
2024-08-05 17:41
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3694-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.nasm.us/show_bug.cgi?id=3392414 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/201903-19 | vendor-advisory, x_refsource_GENTOO |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T17:41:55.713Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3694-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392414", }, { name: "GLSA-201903-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201903-19", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-06-29T00:00:00", descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-28T04:06:14", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3694-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392414", }, { name: "GLSA-201903-19", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201903-19", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-10686", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3694-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3694-1/", }, { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392414", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392414", }, { name: "GLSA-201903-19", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201903-19", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-10686", datePublished: "2017-06-29T23:00:00", dateReserved: "2017-06-29T00:00:00", dateUpdated: "2024-08-05T17:41:55.713Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-19209
Vulnerability from cvelistv5
Published
2018-11-12 19:00
Modified
2024-08-05 11:30
Severity ?
EPSS score ?
Summary
Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://repo.or.cz/nasm.git/commitdiff/e996d28c70d45008085322b442b44a9224308548 | x_refsource_MISC | |
| https://bugzilla.suse.com/show_bug.cgi?id=1115797 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:30:04.163Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://repo.or.cz/nasm.git/commitdiff/e996d28c70d45008085322b442b44a9224308548", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1115797", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-11-12T00:00:00", descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-10T22:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://repo.or.cz/nasm.git/commitdiff/e996d28c70d45008085322b442b44a9224308548", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1115797", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-19209", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://repo.or.cz/nasm.git/commitdiff/e996d28c70d45008085322b442b44a9224308548", refsource: "MISC", url: "https://repo.or.cz/nasm.git/commitdiff/e996d28c70d45008085322b442b44a9224308548", }, { name: "https://bugzilla.suse.com/show_bug.cgi?id=1115797", refsource: "MISC", url: "https://bugzilla.suse.com/show_bug.cgi?id=1115797", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-19209", datePublished: "2018-11-12T19:00:00", dateReserved: "2018-11-12T00:00:00", dateUpdated: "2024-08-05T11:30:04.163Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17811
Vulnerability from cvelistv5
Published
2017-12-21 03:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392432 | x_refsource_MISC | |
| https://usn.ubuntu.com/3694-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:59:18.028Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392432", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3694-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-12-20T00:00:00", descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-29T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392432", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3694-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-17811", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392432", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392432", }, { name: "USN-3694-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3694-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-17811", datePublished: "2017-12-21T03:00:00", dateReserved: "2017-12-20T00:00:00", dateUpdated: "2024-08-05T20:59:18.028Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38665
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 13:47
Severity ?
EPSS score ?
Summary
Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.642Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392818", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38665", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T13:47:02.135472Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-03T13:47:13.110Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-22T15:44:37.053299", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392818", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-38665", datePublished: "2023-08-22T00:00:00", dateReserved: "2023-07-23T00:00:00", dateUpdated: "2024-10-03T13:47:13.110Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-46457
Vulnerability from cvelistv5
Published
2023-01-04 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T14:31:46.338Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392809", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-01-04T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392809", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-46457", datePublished: "2023-01-04T00:00:00", dateReserved: "2022-12-05T00:00:00", dateUpdated: "2024-08-03T14:31:46.338Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-21528
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-08-04 14:30
Severity ?
EPSS score ?
Summary
A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392637 | ||
| https://security.gentoo.org/glsa/202312-09 | vendor-advisory |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:30:33.246Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392637", }, { name: "GLSA-202312-09", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202312-09", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-12-22T13:06:21.465826", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392637", }, { name: "GLSA-202312-09", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202312-09", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-21528", datePublished: "2023-08-22T00:00:00", dateReserved: "2020-08-13T00:00:00", dateUpdated: "2024-08-04T14:30:33.246Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-19214
Vulnerability from cvelistv5
Published
2018-11-12 19:00
Modified
2024-08-05 11:30
Severity ?
EPSS score ?
Summary
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.
References
| ▼ | URL | Tags |
|---|---|---|
| https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354 | x_refsource_MISC | |
| https://bugzilla.nasm.us/show_bug.cgi?id=3392521 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:30:04.255Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392521", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-11-12T00:00:00", descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-13T20:06:24", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392521", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-19214", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354", refsource: "MISC", url: "https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354", }, { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392521", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392521", }, { name: "openSUSE-SU-2020:0952", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-19214", datePublished: "2018-11-12T19:00:00", dateReserved: "2018-11-12T00:00:00", dateUpdated: "2024-08-05T11:30:04.255Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1000667
Vulnerability from cvelistv5
Published
2018-09-06 17:00
Modified
2024-08-05 12:40
Severity ?
EPSS score ?
Summary
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/cyrillos/nasm/issues/3 | x_refsource_MISC | |
| https://bugzilla.nasm.us/show_bug.cgi?id=3392507 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:40:47.960Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/cyrillos/nasm/issues/3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392507", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], dateAssigned: "2018-09-03T00:00:00", datePublic: "2018-08-22T00:00:00", descriptions: [ { lang: "en", value: "NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-13T20:06:20", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/cyrillos/nasm/issues/3", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392507", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", DATE_ASSIGNED: "2018-09-03T16:07:16.977309", DATE_REQUESTED: "2018-08-23T17:49:45", ID: "CVE-2018-1000667", REQUESTER: "situlingyun@gmail.com", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/cyrillos/nasm/issues/3", refsource: "MISC", url: "https://github.com/cyrillos/nasm/issues/3", }, { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392507", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392507", }, { name: "openSUSE-SU-2020:0952", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-1000667", datePublished: "2018-09-06T17:00:00", dateReserved: "2018-08-23T00:00:00", dateUpdated: "2024-08-05T12:40:47.960Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17810
Vulnerability from cvelistv5
Published
2017-12-21 03:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392431 | x_refsource_MISC | |
| http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4 | x_refsource_MISC | |
| https://usn.ubuntu.com/3694-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:59:17.957Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392431", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3694-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-12-20T00:00:00", descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a \"SEGV on unknown address\" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-29T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392431", }, { tags: [ "x_refsource_MISC", ], url: "http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3694-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-17810", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.14rc0, there is a \"SEGV on unknown address\" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392431", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392431", }, { name: "http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4", refsource: "MISC", url: "http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4", }, { name: "USN-3694-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3694-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-17810", datePublished: "2017-12-21T03:00:00", dateReserved: "2017-12-20T00:00:00", dateUpdated: "2024-08-05T20:59:17.957Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-31722
Vulnerability from cvelistv5
Published
2023-05-17 00:00
Modified
2025-01-22 17:10
Severity ?
EPSS score ?
Summary
There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:56:35.518Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392857#c1", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2023-31722", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-22T17:09:08.660925Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-787", description: "CWE-787 Out-of-bounds Write", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-22T17:10:15.260Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-17T00:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392857#c1", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-31722", datePublished: "2023-05-17T00:00:00", dateReserved: "2023-04-29T00:00:00", dateUpdated: "2025-01-22T17:10:15.260Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-24978
Vulnerability from cvelistv5
Published
2020-09-03 23:20
Modified
2024-08-04 15:26
Severity ?
EPSS score ?
Summary
In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392712 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:26:09.126Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392712", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-09-03T23:20:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392712", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-24978", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392712", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392712", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-24978", datePublished: "2020-09-03T23:20:23", dateReserved: "2020-08-28T00:00:00", dateUpdated: "2024-08-04T15:26:09.126Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17813
Vulnerability from cvelistv5
Published
2017-12-21 03:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392429 | x_refsource_MISC | |
| https://usn.ubuntu.com/3694-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:59:17.919Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392429", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3694-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-12-20T00:00:00", descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-29T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392429", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3694-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-17813", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392429", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392429", }, { name: "USN-3694-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3694-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-17813", datePublished: "2017-12-21T03:00:00", dateReserved: "2017-12-20T00:00:00", dateUpdated: "2024-08-05T20:59:17.919Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-8882
Vulnerability from cvelistv5
Published
2018-03-20 23:00
Modified
2024-08-05 07:10
Severity ?
EPSS score ?
Summary
Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392445 | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:10:46.540Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392445", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-03-20T00:00:00", descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-13T20:06:21", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392445", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-8882", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392445", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392445", }, { name: "openSUSE-SU-2020:0952", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-8882", datePublished: "2018-03-20T23:00:00", dateReserved: "2018-03-20T00:00:00", dateUpdated: "2024-08-05T07:10:46.540Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2004-1287
Vulnerability from cvelistv5
Published
2004-12-22 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2005-381.html | vendor-advisory, x_refsource_REDHAT | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11299 | vdb-entry, signature, x_refsource_OVAL | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18540 | vdb-entry, x_refsource_XF | |
| http://tigger.uic.edu/~jlongs2/holes/nasm.txt | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-08T00:46:12.310Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2005:381", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-381.html", }, { name: "oval:org.mitre.oval:def:11299", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11299", }, { name: "nasm-preprocc-bo(18540)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18540", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://tigger.uic.edu/~jlongs2/holes/nasm.txt", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2004-12-15T00:00:00", descriptions: [ { lang: "en", value: "Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "RHSA-2005:381", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-381.html", }, { name: "oval:org.mitre.oval:def:11299", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11299", }, { name: "nasm-preprocc-bo(18540)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18540", }, { tags: [ "x_refsource_MISC", ], url: "http://tigger.uic.edu/~jlongs2/holes/nasm.txt", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2004-1287", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "RHSA-2005:381", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-381.html", }, { name: "oval:org.mitre.oval:def:11299", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11299", }, { name: "nasm-preprocc-bo(18540)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18540", }, { name: "http://tigger.uic.edu/~jlongs2/holes/nasm.txt", refsource: "MISC", url: "http://tigger.uic.edu/~jlongs2/holes/nasm.txt", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2004-1287", datePublished: "2004-12-22T05:00:00", dateReserved: "2004-12-20T00:00:00", dateUpdated: "2024-08-08T00:46:12.310Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-24241
Vulnerability from cvelistv5
Published
2020-08-25 13:51
Modified
2024-08-04 15:12
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392707 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:12:08.412Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392707", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-08-25T13:51:45", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392707", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-24241", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392707", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392707", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-24241", datePublished: "2020-08-25T13:51:45", dateReserved: "2020-08-13T00:00:00", dateUpdated: "2024-08-04T15:12:08.412Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17814
Vulnerability from cvelistv5
Published
2017-12-21 03:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392430 | x_refsource_MISC | |
| https://usn.ubuntu.com/3694-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:59:17.985Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392430", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3694-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-12-20T00:00:00", descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-29T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392430", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3694-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-17814", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392430", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392430", }, { name: "USN-3694-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3694-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-17814", datePublished: "2017-12-21T03:00:00", dateReserved: "2017-12-20T00:00:00", dateUpdated: "2024-08-05T20:59:17.985Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-45257
Vulnerability from cvelistv5
Published
2021-12-22 16:37
Modified
2024-08-04 04:39
Severity ?
EPSS score ?
Summary
An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392790 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T04:39:20.356Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392790", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-22T16:37:12", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392790", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-45257", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392790", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392790", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-45257", datePublished: "2021-12-22T16:37:12", dateReserved: "2021-12-20T00:00:00", dateUpdated: "2024-08-04T04:39:20.356Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17815
Vulnerability from cvelistv5
Published
2017-12-21 03:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.
References
| ▼ | URL | Tags |
|---|---|---|
| http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3 | x_refsource_MISC | |
| https://usn.ubuntu.com/3694-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.nasm.us/show_bug.cgi?id=3392436 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:59:17.931Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3694-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392436", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-12-20T00:00:00", descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-29T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3694-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392436", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-17815", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3", refsource: "MISC", url: "http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3", }, { name: "USN-3694-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3694-1/", }, { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392436", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392436", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-17815", datePublished: "2017-12-21T03:00:00", dateReserved: "2017-12-20T00:00:00", dateUpdated: "2024-08-05T20:59:17.931Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-38668
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 19:05
Severity ?
EPSS score ?
Summary
Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:46:56.759Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392811", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38668", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T19:05:22.410669Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-03T19:05:31.760Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-22T15:44:39.384377", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392811", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-38668", datePublished: "2023-08-22T00:00:00", dateReserved: "2023-07-23T00:00:00", dateUpdated: "2024-10-03T19:05:31.760Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-20334
Vulnerability from cvelistv5
Published
2020-01-04 06:43
Modified
2024-08-05 02:39
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392638 | x_refsource_MISC | |
| https://bugzilla.nasm.us/show_bug.cgi?id=3392548#c4 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T02:39:09.727Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392638", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392548#c4", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-04T06:43:42", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392638", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392548#c4", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-20334", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392638", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392638", }, { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392548#c4", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392548#c4", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-20334", datePublished: "2020-01-04T06:43:42", dateReserved: "2020-01-04T00:00:00", dateUpdated: "2024-08-05T02:39:09.727Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-41420
Vulnerability from cvelistv5
Published
2022-10-03 13:51
Modified
2024-08-03 12:42
Severity ?
EPSS score ?
Summary
nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392810 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T12:42:46.262Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392810", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-03T13:51:26", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392810", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-41420", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392810", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392810", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-41420", datePublished: "2022-10-03T13:51:26", dateReserved: "2022-09-26T00:00:00", dateUpdated: "2024-08-03T12:42:46.262Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-44369
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-18 19:17
Severity ?
EPSS score ?
Summary
NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:54:02.562Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392819", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-44369", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-18T19:17:06.916321Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476 NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-18T19:17:57.342Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-29T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392819", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-44369", datePublished: "2023-03-29T00:00:00.000Z", dateReserved: "2022-10-30T00:00:00.000Z", dateUpdated: "2025-02-18T19:17:57.342Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-1000886
Vulnerability from cvelistv5
Published
2018-12-20 20:00
Modified
2024-09-17 01:26
Severity ?
EPSS score ?
Summary
nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392514 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:47:57.516Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392514", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], dateAssigned: "2018-12-20T00:00:00", descriptions: [ { lang: "en", value: "nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-20T20:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392514", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", DATE_ASSIGNED: "2018-12-20T10:18:08.693272", DATE_REQUESTED: "2018-12-20T06:31:47", ID: "CVE-2018-1000886", REQUESTER: "situlingyun@gmail.com", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392514", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392514", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-1000886", datePublished: "2018-12-20T20:00:00Z", dateReserved: "2018-12-20T00:00:00Z", dateUpdated: "2024-09-17T01:26:18.927Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-10254
Vulnerability from cvelistv5
Published
2018-04-21 16:00
Modified
2024-08-05 07:32
Severity ?
EPSS score ?
Summary
Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://sourceforge.net/p/nasm/bugs/561/ | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:32:01.673Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sourceforge.net/p/nasm/bugs/561/", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-04-21T00:00:00", descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-13T20:06:26", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://sourceforge.net/p/nasm/bugs/561/", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-10254", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://sourceforge.net/p/nasm/bugs/561/", refsource: "MISC", url: "https://sourceforge.net/p/nasm/bugs/561/", }, { name: "openSUSE-SU-2020:0952", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-10254", datePublished: "2018-04-21T16:00:00", dateReserved: "2018-04-21T00:00:00", dateUpdated: "2024-08-05T07:32:01.673Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29654
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 14:36
Severity ?
EPSS score ?
Summary
Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:26:06.565Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.nasm.us/pub/nasm/releasebuilds/2.15.05/", }, { tags: [ "x_transferred", ], url: "https://gist.github.com/naihsin/b96e2c5c2c81621b46557fd7aacd165f", }, { tags: [ "x_transferred", ], url: "https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-29654", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-03T14:36:13.773842Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-03T14:36:33.687Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-22T15:44:52.154175", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://www.nasm.us/pub/nasm/releasebuilds/2.15.05/", }, { url: "https://gist.github.com/naihsin/b96e2c5c2c81621b46557fd7aacd165f", }, { url: "https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-29654", datePublished: "2023-08-22T00:00:00", dateReserved: "2022-04-25T00:00:00", dateUpdated: "2024-10-03T14:36:33.687Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-44368
Vulnerability from cvelistv5
Published
2023-03-29 00:00
Modified
2025-02-18 19:22
Severity ?
EPSS score ?
Summary
NASM v2.16 was discovered to contain a null pointer deference in the NASM component
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T13:54:02.578Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392820", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-44368", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-18T19:22:07.954163Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-476", description: "CWE-476 NULL Pointer Dereference", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-18T19:22:37.752Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "NASM v2.16 was discovered to contain a null pointer deference in the NASM component", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-03-29T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392820", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-44368", datePublished: "2023-03-29T00:00:00.000Z", dateReserved: "2022-10-30T00:00:00.000Z", dateUpdated: "2025-02-18T19:22:37.752Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20538
Vulnerability from cvelistv5
Published
2018-12-28 03:00
Modified
2024-08-05 12:05
Severity ?
EPSS score ?
Summary
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392531 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:05:17.006Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392531", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-12-27T00:00:00", descriptions: [ { lang: "en", value: "There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-28T03:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392531", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20538", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392531", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392531", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20538", datePublished: "2018-12-28T03:00:00", dateReserved: "2018-12-27T00:00:00", dateUpdated: "2024-08-05T12:05:17.006Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-20535
Vulnerability from cvelistv5
Published
2018-12-28 03:00
Modified
2024-08-05 12:05
Severity ?
EPSS score ?
Summary
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392530 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T12:05:17.398Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392530", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-12-27T00:00:00", descriptions: [ { lang: "en", value: "There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-12-28T03:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392530", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-20535", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392530", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392530", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-20535", datePublished: "2018-12-28T03:00:00", dateReserved: "2018-12-27T00:00:00", dateUpdated: "2024-08-05T12:05:17.398Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-21686
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-07 15:09
Severity ?
EPSS score ?
Summary
A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:30:33.579Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392643", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-21686", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-07T15:08:02.781696Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-562", description: "CWE-562 Return of Stack Variable Address", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-07T15:09:12.200Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-22T15:44:35.359160", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392643", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-21686", datePublished: "2023-08-22T00:00:00", dateReserved: "2020-08-13T00:00:00", dateUpdated: "2024-10-07T15:09:12.200Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-19215
Vulnerability from cvelistv5
Published
2018-11-12 19:00
Modified
2024-08-05 11:30
Severity ?
EPSS score ?
Summary
Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392525 | x_refsource_MISC | |
| https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html | vendor-advisory, x_refsource_SUSE | |
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html | vendor-advisory, x_refsource_SUSE |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T11:30:04.213Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392525", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-11-12T00:00:00", descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-13T20:06:23", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392525", }, { tags: [ "x_refsource_MISC", ], url: "https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f", }, { name: "openSUSE-SU-2020:0952", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-19215", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392525", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392525", }, { name: "https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f", refsource: "MISC", url: "https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f", }, { name: "openSUSE-SU-2020:0952", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { name: "openSUSE-SU-2020:0954", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-19215", datePublished: "2018-11-12T19:00:00", dateReserved: "2018-11-12T00:00:00", dateUpdated: "2024-08-05T11:30:04.213Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17812
Vulnerability from cvelistv5
Published
2017-12-21 03:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392424 | x_refsource_MISC | |
| https://usn.ubuntu.com/3694-1/ | vendor-advisory, x_refsource_UBUNTU | |
| http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:59:17.959Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392424", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3694-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-12-20T00:00:00", descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-29T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392424", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3694-1/", }, { tags: [ "x_refsource_MISC", ], url: "http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-17812", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392424", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392424", }, { name: "USN-3694-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3694-1/", }, { name: "http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9", refsource: "MISC", url: "http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-17812", datePublished: "2017-12-21T03:00:00", dateReserved: "2017-12-20T00:00:00", dateUpdated: "2024-08-05T20:59:17.959Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17816
Vulnerability from cvelistv5
Published
2017-12-21 03:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392426 | x_refsource_MISC | |
| https://usn.ubuntu.com/3694-1/ | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:59:17.922Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392426", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3694-1/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-12-20T00:00:00", descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-29T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392426", }, { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3694-1/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-17816", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392426", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392426", }, { name: "USN-3694-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3694-1/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-17816", datePublished: "2017-12-21T03:00:00", dateReserved: "2017-12-20T00:00:00", dateUpdated: "2024-08-05T20:59:17.922Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2017-17817
Vulnerability from cvelistv5
Published
2017-12-21 03:00
Modified
2024-08-05 20:59
Severity ?
EPSS score ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://usn.ubuntu.com/3694-1/ | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.nasm.us/show_bug.cgi?id=3392427 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T20:59:17.960Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "https://usn.ubuntu.com/3694-1/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392427", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-12-20T00:00:00", descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-06-29T09:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "USN-3694-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "https://usn.ubuntu.com/3694-1/", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392427", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-17817", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "USN-3694-1", refsource: "UBUNTU", url: "https://usn.ubuntu.com/3694-1/", }, { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392427", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392427", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-17817", datePublished: "2017-12-21T03:00:00", dateReserved: "2017-12-20T00:00:00", dateUpdated: "2024-08-05T20:59:17.960Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-18780
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-04 16:36
Severity ?
EPSS score ?
Summary
A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T14:08:30.528Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392634", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2020-18780", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-04T16:36:26.928217Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-04T16:36:41.919Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-22T15:44:21.462494", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392634", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-18780", datePublished: "2023-08-22T00:00:00", dateReserved: "2020-08-13T00:00:00", dateUpdated: "2024-10-04T16:36:41.919Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-7147
Vulnerability from cvelistv5
Published
2019-01-29 00:00
Modified
2024-08-04 20:38
Severity ?
EPSS score ?
Summary
A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392544 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T20:38:33.550Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392544", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2019-01-28T00:00:00", descriptions: [ { lang: "en", value: "A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-01-28T23:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392544", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-7147", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392544", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392544", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-7147", datePublished: "2019-01-29T00:00:00", dateReserved: "2019-01-28T00:00:00", dateUpdated: "2024-08-04T20:38:33.550Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-33452
Vulnerability from cvelistv5
Published
2022-07-26 12:36
Modified
2024-08-03 23:50
Severity ?
EPSS score ?
Summary
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392757 | x_refsource_MISC | |
| https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T23:50:42.376Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392757", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-26T12:36:18", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392757", }, { tags: [ "x_refsource_MISC", ], url: "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2021-33452", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugzilla.nasm.us/show_bug.cgi?id=3392757", refsource: "MISC", url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392757", }, { name: "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d", refsource: "MISC", url: "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2021-33452", datePublished: "2022-07-26T12:36:18", dateReserved: "2021-05-20T00:00:00", dateUpdated: "2024-08-03T23:50:42.376Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2017-09-09 08:29
Modified
2024-11-21 03:12
Severity ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392423 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201903-19 | ||
| cve@mitre.org | https://usn.ubuntu.com/3694-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392423 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201903-19 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3694-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 | |
| canonical | ubuntu_linux | 14.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.", }, { lang: "es", value: "En Netwide Assembler (NASM) 2.14rc0 hay un acceso ilegal a dirección en la función paste_tokens() en preproc.c, también llamado desreferencia de puntero NULL. Esto conducirá a un ataque de denegación de servicio remoto.", }, ], id: "CVE-2017-14228", lastModified: "2024-11-21T03:12:22.250", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-09-09T08:29:00.317", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392423", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201903-19", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392423", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201903-19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-15 00:29
Modified
2024-11-21 04:46
Severity ?
Summary
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392548 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392548 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*", matchCriteriaId: "C51A2BA2-8723-45FB-BB57-E966BDEE1F62", versionEndIncluding: "2.14.02", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.", }, { lang: "es", value: "Se ha descubierto un problema de recursión en eval.c en Netwide Assembler (NASM) hasta la versión 2.14.02. Hay un problema de agotamiento de pila que resulta de la recursión infinita en las funciones expr, rexp, bexpr y cexpr en determinados escenarios que implican el uso frecuente de caracteres \"{\". Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo asm manipulado.", }, ], id: "CVE-2019-6290", lastModified: "2024-11-21T04:46:22.897", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-15T00:29:00.383", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392548", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392548", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-674", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-21 03:29
Modified
2024-11-21 03:18
Severity ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af | Patch, Vendor Advisory | |
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392435 | Exploit, Issue Tracking, Tool Signature, Vendor Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3694-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392435 | Exploit, Issue Tracking, Tool Signature, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3694-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 | |
| canonical | ubuntu_linux | 14.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.", }, { lang: "es", value: "En Netwide Assembler (NASM) 2.14rc0, existe un acceso ilegal a direcciones en la función find_cc() en asm/preproc.c que podría provocar un ataque de denegación de servicio remoto porque los punteros asociados con las llamadas skip_white_ no están validados.", }, ], id: "CVE-2017-17819", lastModified: "2024-11-21T03:18:44.680", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-21T03:29:00.553", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Tool Signature", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392435", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Tool Signature", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392435", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-20 23:29
Modified
2024-11-21 04:14
Severity ?
Summary
Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.13.02 | |
| canonical | ubuntu_linux | 14.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.13.02:rc2:*:*:*:*:*:*", matchCriteriaId: "5EC56AE4-3B22-41FB-A463-2CB62A3B7900", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.", }, { lang: "es", value: "Netwide Assembler (NASM) 2.13.02rc2 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en la función tokenize en asm/preproc.c. Esto se relaciona con una cadena no finalizada.", }, ], id: "CVE-2018-8881", lastModified: "2024-11-21T04:14:31.217", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.3, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.3, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-20T23:29:00.250", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392446", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392446", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-15 00:29
Modified
2024-11-21 04:46
Severity ?
Summary
An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392549 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392549 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*", matchCriteriaId: "C51A2BA2-8723-45FB-BB57-E966BDEE1F62", versionEndIncluding: "2.14.02", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.", }, { lang: "es", value: "Se ha descubierto un problema en la función expr6 en eval.c en Netwide Assembler (NASM) hasta la versión 2.14.02. Hay un problema de agotamiento de pila causado por la función expr6, haciendo llamadas recursivas a sí misma en ciertos casos que implican el uso frecuente de caracteres \"!\", \"+\" y \"-\". Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) mediante un archivo asm manipulado.", }, ], id: "CVE-2019-6291", lastModified: "2024-11-21T04:46:23.033", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-15T00:29:00.430", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392549", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392549", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-674", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-12 19:29
Modified
2024-11-21 03:57
Severity ?
Summary
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*", matchCriteriaId: "B13F92C3-2248-4FFC-97DD-37C7C7DDA593", versionEndExcluding: "2.13.02", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.", }, { lang: "es", value: "Netwide Assembler (NASM) en versiones anteriores a la 2.13.02 tiene un uso de memoria previamente liberada en detoken en asm/preproc.c.", }, ], id: "CVE-2018-19216", lastModified: "2024-11-21T03:57:34.890", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-12T19:29:00.550", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392424", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392424", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-25 14:15
Modified
2024-11-21 05:14
Severity ?
Summary
In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392707 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392707 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.15 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.15:rc10:*:*:*:*:*:*", matchCriteriaId: "A238A3D0-76F8-440B-B778-CECBD6723A6A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.", }, { lang: "es", value: "En Netwide Assembler (NASM) versión 2.15rc10, se presenta un uso de la memoria previamente liberada en la función saa_wbytes en el archivo nasmlib/saa.c", }, ], id: "CVE-2020-24241", lastModified: "2024-11-21T05:14:32.273", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-25T14:15:16.623", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392707", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392707", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-20 23:29
Modified
2024-11-21 04:14
Severity ?
Summary
Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.13.02 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.13.02:rc2:*:*:*:*:*:*", matchCriteriaId: "5EC56AE4-3B22-41FB-A463-2CB62A3B7900", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.", }, { lang: "es", value: "Netwide Assembler (NASM) 2.13.02rc2 tiene una sobrelectura de búfer en la función parse_line en asm/parser.c mediante el acceso no controlado a nasm_reg_flags.", }, ], id: "CVE-2018-8883", lastModified: "2024-11-21T04:14:31.523", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-20T23:29:00.377", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392447", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 05:12
Severity ?
Summary
Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392644 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392644 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.15 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.15:rc0:*:*:*:*:*:*", matchCriteriaId: "7E3030CB-7432-4496-BE6E-FBB1265DE60E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.", }, ], id: "CVE-2020-21685", lastModified: "2024-11-21T05:12:48.183", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T19:16:14.087", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392644", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392644", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-20 21:29
Modified
2024-11-21 03:40
Severity ?
Summary
nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392514 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392514 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14.01rc5 | |
| nasm | netwide_assembler | 2.15 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.01rc5:*:*:*:*:*:*:*", matchCriteriaId: "2F001C6F-A818-4D70-9106-0B2D0CB3EE28", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.15:*:*:*:*:*:*:*", matchCriteriaId: "D4E1B969-F71C-4770-B43C-C173D45C379F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file.", }, { lang: "es", value: "nasm, en versiones 2.14.01rc5 y 2.15, contiene una vulnerabilidad de desbordamiento de búfer en asm/stdscan.c:130 que puede resultar en un desbordamiento de búfer basado en pila, provocado por la generación infinita de macros, que provoca el cierre inesperado del programa. Este ataque parece ser explotable mediante un archivo de entradas nasm manipulado.", }, ], id: "CVE-2018-1000886", lastModified: "2024-11-21T03:40:35.343", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-20T21:29:00.447", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392514", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392514", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-09-13 16:29
Modified
2024-11-21 03:53
Severity ?
Summary
Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 12.14 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:12.14:rc15:*:*:*:*:*:*", matchCriteriaId: "8F7F5FDE-DD3E-4A6E-9D7C-4434502EAA78", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.", }, { lang: "es", value: "Netwide Assembler (NASM) 2.14rc15 tiene una escritura de memoria inválida (fallo de segmentación) en expand_smacro en preproc.c, lo que permite que los atacantes provoquen una denegación de servicio (DoS) mediante un archivo de entradas manipulado.", }, ], id: "CVE-2018-16999", lastModified: "2024-11-21T03:53:40.020", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-09-13T16:29:01.140", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392508", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392508", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 08:14
Severity ?
Summary
Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392818 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392818 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.16 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc0:*:*:*:*:*:*", matchCriteriaId: "20DE5189-1CB2-41BB-81E2-FF8C6CD53A19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).", }, ], id: "CVE-2023-38665", lastModified: "2024-11-21T08:14:00.230", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T19:16:39.093", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392818", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392818", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-07-08 17:29
Modified
2024-11-21 03:07
Severity ?
Summary
In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392415 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201903-19 | ||
| cve@mitre.org | https://usn.ubuntu.com/3694-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392415 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201903-19 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3694-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 | |
| canonical | ubuntu_linux | 14.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.", }, { lang: "es", value: "En Netwide Assembler (NASM) versión 2.14rc0, el archivo preproc.c permite a los atacantes remotos causar una denegación de servicio (desbordamiento de búfer en la región heap de la memoria y bloqueo de la aplicación) o posiblemente tener otro impacto no especificado por medio de un archivo creado.", }, ], id: "CVE-2017-11111", lastModified: "2024-11-21T03:07:07.277", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-07-08T17:29:00.543", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392415", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201903-19", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392415", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201903-19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-21 03:29
Modified
2024-11-21 03:18
Severity ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392430 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3694-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392430 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3694-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 | |
| canonical | ubuntu_linux | 14.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.", }, { lang: "es", value: "En Netwide Assembler (NASM) 2.14rc0, existe una vulnerabilidad de uso de memoria previamente liberada en do_directive en asm/preproc.c que podría provocar un ataque de denegación de servicio (DoS) remoto.", }, ], id: "CVE-2017-17814", lastModified: "2024-11-21T03:18:43.883", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-21T03:29:00.367", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392430", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392430", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-01-29 00:29
Modified
2024-11-21 04:47
Severity ?
Summary
A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392544 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392544 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc16:*:*:*:*:*:*", matchCriteriaId: "0C783BF3-316F-4EF0-9B9E-75759D6C5AA6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.", }, { lang: "es", value: "Existe una sobrelectura de búfer en Netwide Assembler (NASM) 2.14rc16 en la función crc64ib en nasmlib. Una entrada asm manipulada puede causar fallos de segmentación, conduciendo a una denegación de servicio (DoS).", }, ], id: "CVE-2019-7147", lastModified: "2024-11-21T04:47:39.660", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-01-29T00:29:00.313", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392544", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392544", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-03-20 23:29
Modified
2024-11-21 04:14
Severity ?
Summary
Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.13.02 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.13.02:rc2:*:*:*:*:*:*", matchCriteriaId: "5EC56AE4-3B22-41FB-A463-2CB62A3B7900", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.", }, { lang: "es", value: "Netwide Assembler (NASM) 2.13.02rc2 tiene una sublectura de búfer basada en pila en la función ieee_shr en asm/float.c. Esto se relaciona con un gran valor de desplazamiento.", }, ], id: "CVE-2018-8882", lastModified: "2024-11-21T04:14:31.373", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.6, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-03-20T23:29:00.297", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392445", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392445", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-08-25 14:15
Modified
2024-11-21 05:14
Severity ?
Summary
In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392708 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392708 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.15 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.15:rc10:*:*:*:*:*:*", matchCriteriaId: "A238A3D0-76F8-440B-B778-CECBD6723A6A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory.", }, { lang: "es", value: "En Netwide Assembler (NASM) versión 2.15rc10, una SEGV puede ser activada en la función tok_text en el archivo asm/preproc.c mediante el acceso a la memoria READ", }, ], id: "CVE-2020-24242", lastModified: "2024-11-21T05:14:32.423", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-08-25T14:15:16.700", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392708", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392708", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-28 16:29
Modified
2024-11-21 04:01
Severity ?
Summary
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392530 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392530 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc16:*:*:*:*:*:*", matchCriteriaId: "16D057C6-FC84-4D85-8F14-860B47CDC611", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.", }, { lang: "es", value: "Hay un uso de memoria previamente liberada en asm/preproc.c (función pp_getline) en Netwide Assembler (NASM) 2.14rc16 que provocará una denegación de servicio (DoS) durante un intento de incremento de línea y número.", }, ], id: "CVE-2018-20535", lastModified: "2024-11-21T04:01:40.420", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-28T16:29:04.377", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392530", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392530", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-30 03:29
Modified
2024-11-21 03:58
Severity ?
Summary
There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392528 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392528 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 12.14 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:12.14:rc16:*:*:*:*:*:*", matchCriteriaId: "F73DAA5F-2527-4052-8B67-5540C4EBED4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.", }, { lang: "es", value: "Existe un acceso a direcciones ilegal en asm/preproc.c (función: is_mmacro) en Netwide Assembler (NASM) 2.14rc16 que provoca una denegación de servicio (acceso a array fuera de límites) porque una determinada conversión puede resultar en un entero negativo.", }, ], id: "CVE-2018-19755", lastModified: "2024-11-21T03:58:28.870", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-30T03:29:00.233", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392528", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392528", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-12 19:29
Modified
2024-11-21 03:57
Severity ?
Summary
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 12.14 | |
| redhat | enterprise_linux | 5.0 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:12.14:rc15:*:*:*:*:*:*", matchCriteriaId: "8F7F5FDE-DD3E-4A6E-9D7C-4434502EAA78", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.", }, { lang: "es", value: "Netwide Assembler (NASM) 2.14rc15 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en expand_mmac_params en asm/preproc.c para las entradas insuficientes.", }, ], id: "CVE-2018-19214", lastModified: "2024-11-21T03:57:34.570", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-12T19:29:00.457", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392521", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392521", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-04 18:15
Modified
2024-11-21 07:30
Severity ?
Summary
NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392809 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392809 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc1:*:*:*:*:*:*", matchCriteriaId: "33BF4907-64E2-409D-AA3F-14C1CE8690C7", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc10:*:*:*:*:*:*", matchCriteriaId: "A30CF730-60EB-4318-BBA9-A1E2AFFF4BEB", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc11:*:*:*:*:*:*", matchCriteriaId: "2C5B2E06-C870-48CA-8086-80B2BAAB18DF", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc2:*:*:*:*:*:*", matchCriteriaId: "FE77FDA4-B108-4953-9CF2-E8705E9D245B", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc3:*:*:*:*:*:*", matchCriteriaId: "21F60666-3772-48D2-A59F-DAEE068CA7AD", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc4:*:*:*:*:*:*", matchCriteriaId: "B1A0C6CC-89F6-4B16-9319-F59A76A083AD", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc5:*:*:*:*:*:*", matchCriteriaId: "5EF2FA92-039A-4576-BA46-3267C7D445E6", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc6:*:*:*:*:*:*", matchCriteriaId: "97622DC6-047D-4DE4-B2B8-1347BB5E9793", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc7:*:*:*:*:*:*", matchCriteriaId: "9E0E20AA-2267-452F-AE06-8E75C3FAE52D", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc8:*:*:*:*:*:*", matchCriteriaId: "C7FE20FF-1E64-49CA-961E-8FFBC6B362FB", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc9:*:*:*:*:*:*", matchCriteriaId: "6B6748C9-0C34-41D0-9952-CE7EF5C8BD28", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.", }, { lang: "es", value: "Se descubrió que NASM v2.16 contenía una infracción de segmentación en el componente ieee_write_file en /output/outieee.c.", }, ], id: "CVE-2022-46457", lastModified: "2024-11-21T07:30:36.390", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-04T18:15:09.233", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392809", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392809", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-09-06 23:29
Modified
2024-11-21 03:52
Severity ?
Summary
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | * | |
| nasm | netwide_assembler | 2.14 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*", matchCriteriaId: "2F34FCFC-CEA1-43D8-BBA3-2AD1F9B2D617", versionEndIncluding: "2.13.03", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc15:*:*:*:*:*:*", matchCriteriaId: "F0342DFD-0DB1-4C31-A862-C476506F20E0", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc1:*:*:*:*:*:*", matchCriteriaId: "FEEBD480-549D-444B-989C-E7443E111ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc10:*:*:*:*:*:*", matchCriteriaId: "94607208-5382-45CB-9E0E-24FB04D200F8", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc11:*:*:*:*:*:*", matchCriteriaId: "F7E3C5C7-09E4-42A1-975F-89919BFD8547", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc12:*:*:*:*:*:*", matchCriteriaId: "23D65F3D-1F5A-47A8-828C-1473560AF68A", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc13:*:*:*:*:*:*", matchCriteriaId: "5AA3BBE2-0648-49FF-8321-E90E506ECA03", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc14:*:*:*:*:*:*", matchCriteriaId: "83439808-E136-4A16-897E-34B8CFC9CCA6", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc2:*:*:*:*:*:*", matchCriteriaId: "1597D549-DDBD-4333-A631-97BFBFDFA0AC", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc3:*:*:*:*:*:*", matchCriteriaId: "080A0929-752A-4051-85B8-C9E3AFDEFC0E", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc4:*:*:*:*:*:*", matchCriteriaId: "D30835C7-A156-44D1-9AD2-D41ABCDDFA27", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc5:*:*:*:*:*:*", matchCriteriaId: "7E540236-A8D6-443C-A268-61928ACC8BD6", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc6:*:*:*:*:*:*", matchCriteriaId: "9F8906E7-EF2A-46D1-A494-5393538069CE", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc7:*:*:*:*:*:*", matchCriteriaId: "CAE1ABD3-9948-4D4B-8776-992721A39207", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc8:*:*:*:*:*:*", matchCriteriaId: "9846285D-5907-4B59-8425-51D40ED7D0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc9:*:*:*:*:*:*", matchCriteriaId: "DD088CCE-FD7D-4C31-A141-E7C6ACB7901C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.", }, { lang: "es", value: "asm/labels.c en Netwide Assembler (NASM) es propenso a una desreferencia de puntero NULL, lo que permite que el atacante provoque una denegación de servicio (DoS) mediante un archivo manipulado.", }, ], id: "CVE-2018-16517", lastModified: "2024-11-21T03:52:53.770", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-09-06T23:29:01.460", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392513", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://fakhrizulkifli.github.io/CVE-2018-16517.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46726/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392513", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://fakhrizulkifli.github.io/CVE-2018-16517.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/46726/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-09-08 10:30
Modified
2025-04-09 00:30
Severity ?
Summary
Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*", matchCriteriaId: "5D4D79A3-DA6C-4FC2-A318-118842A75950", versionEndIncluding: "2.03.01", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.", }, { lang: "es", value: "Desbordamiento de buffer en el módulo listing en Netwide Assembler (NASM) anterior v2.03.01 tiene impacto desconocido y vectores atacados, una vulnerabilidad diferente que CVE-2008-2719.", }, ], id: "CVE-2008-7177", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 9.3, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2009-09-08T10:30:01.610", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30836", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://sourceforge.net/project/shownotes.php?release_id=607497", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/29955", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1020378", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1939", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=452800", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43441", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://secunia.com/advisories/30836", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://sourceforge.net/project/shownotes.php?release_id=607497", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/29955", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id?1020378", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.vupen.com/english/advisories/2008/1939", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=452800", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/43441", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01000.html", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Not vulnerable. This issue did not affect the versions of nasm as shipped with Red Hat Enterprise Linux 3, 4, or 5.", lastModified: "2009-09-10T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-07-24 04:15
Modified
2024-11-21 04:26
Severity ?
Summary
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392576 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392576 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*", matchCriteriaId: "C308F122-92AE-490D-BFF1-0E882F4DC5E8", versionEndIncluding: "2.14.02", versionStartIncluding: "2.14", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when \"%pragma limit\" is mishandled.", }, { lang: "es", value: "En el archivo libnasm.a en Netwide Assembler (NASM) versiones 2.14.xx, en el archivo asm/pragma.c permite una desreferencia de un puntero NULL en las funciones process_pragma, search_pragma_list, y nasm_set_limit cuando \"%pragma limit\" es manejado inapropiadamente.", }, ], id: "CVE-2019-14248", lastModified: "2024-11-21T04:26:17.463", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-07-24T04:15:12.017", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392576", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392576", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-09-04 00:15
Modified
2024-11-21 05:16
Severity ?
Summary
In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392712 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392712 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.15.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.15.04:rc3:*:*:*:*:*:*", matchCriteriaId: "2F3BFDC4-DEBE-46B5-82CE-BCEF60708154", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.", }, { lang: "es", value: "En NASM versión 2.15.04rc3, se presenta una vulnerabilidad de doble liberación en el archivo pp_tokline asm/preproc.c. Esto es corregido en el commit 8806c3ca007b84accac21dd88b900fb03614ceb7", }, ], id: "CVE-2020-24978", lastModified: "2024-11-21T05:16:16.133", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-09-04T00:15:10.757", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392712", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-415", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-05-17 14:15
Modified
2025-01-22 18:15
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392857#c1 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392857#c1 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.16.02 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16.02:rc1:*:*:*:*:*:*", matchCriteriaId: "5204C5DA-744D-4D4C-915E-B2916AD62E1E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).", }, ], id: "CVE-2023-31722", lastModified: "2025-01-22T18:15:18.343", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-05-17T14:15:09.423", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392857#c1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392857#c1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-787", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-21 03:29
Modified
2024-11-21 03:18
Severity ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 | Patch, Vendor Advisory | |
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392424 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3694-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392424 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3694-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 | |
| canonical | ubuntu_linux | 14.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.", }, { lang: "es", value: "En Netwide Assembler (NASM) 2.14rc0, existe una sobrelectura de búfer basada en memoria dinámica (heap) en la función detoken() en asm/preproc.c que podría provocar un ataque de denegación de servicio (DoS) remoto.", }, ], id: "CVE-2017-17812", lastModified: "2024-11-21T03:18:43.573", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-21T03:29:00.287", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392424", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392424", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-21 03:29
Modified
2024-11-21 03:18
Severity ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392427 | Exploit, Issue Tracking, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://usn.ubuntu.com/3694-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392427 | Exploit, Issue Tracking, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3694-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 | |
| canonical | ubuntu_linux | 14.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.", }, { lang: "es", value: "En Netwide Assembler (NASM) 2.14rc0, existe una vulnerabilidad de uso de memoria previamente liberada en pp_verror en asm/preproc.c que podría provocar un ataque de denegación de servicio (DoS) remoto.", }, ], id: "CVE-2017-17817", lastModified: "2024-11-21T03:18:44.340", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-21T03:29:00.477", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392427", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392427", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-22 19:15
Modified
2024-11-21 05:08
Severity ?
Summary
A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392634 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392634 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14.02 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.02:*:*:*:*:*:*:*", matchCriteriaId: "293A8515-6E92-4C28-A9B5-B5BF48B1A63C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.", }, ], id: "CVE-2020-18780", lastModified: "2024-11-21T05:08:49.320", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T19:15:55.740", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392634", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392634", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2008-06-16 23:41
Modified
2025-04-09 00:30
Severity ?
Summary
Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.02 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.02:*:*:*:*:*:*:*", matchCriteriaId: "BC065B06-BE9F-42D8-9FAC-1031F49067CA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.", }, { lang: "es", value: "Error de superación de límite (off-by-one) en la función ppscan (prepoc.c) de Netwide Assembler (NASM) 2.02; permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) y puede que ejecutar código de su elección mediante un fichero manipulado que produce un desbordamiento del búfer basado en pila.", }, ], id: "CVE-2008-2719", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2008-06-16T23:41:00.000", references: [ { source: "cve@mitre.org", url: "http://repo.or.cz/w/nasm.git?a=commit%3Bh=76ec8e73db16f4cf1453a142d03bcc74d528f72f", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30594", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/32059", }, { source: "cve@mitre.org", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:120", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/06/11/4", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2008/06/11/5", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/29656", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id?1020259", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/usn-648-1", }, { source: "cve@mitre.org", url: "http://www.vupen.com/english/advisories/2008/1811", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42995", }, { source: "cve@mitre.org", url: "https://sourceforge.net/project/shownotes.php?group_id=6208&release_id=606115", }, { source: "cve@mitre.org", url: "https://sourceforge.net/tracker/?func=detail&atid=106208&aid=1942146&group_id=6208", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://repo.or.cz/w/nasm.git?a=commit%3Bh=76ec8e73db16f4cf1453a142d03bcc74d528f72f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/30594", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/32059", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.mandriva.com/security/advisories?name=MDVSA-2008:120", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/06/11/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2008/06/11/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/29656", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id?1020259", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/usn-648-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.vupen.com/english/advisories/2008/1811", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/42995", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://sourceforge.net/project/shownotes.php?group_id=6208&release_id=606115", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://sourceforge.net/tracker/?func=detail&atid=106208&aid=1942146&group_id=6208", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Not vulnerable. These issues did not affect the versions of NASM as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.", lastModified: "2008-07-04T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-21 03:29
Modified
2024-11-21 03:18
Severity ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3 | Patch, Vendor Advisory | |
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392436 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3694-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392436 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3694-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 | |
| canonical | ubuntu_linux | 14.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.", }, { lang: "es", value: "En Netwide Assembler (NASM) 2.14rc0, existe un acceso ilegal a direcciones en is_mmacro() en asm/preproc.c que podría provocar un ataque de denegación de servicio remoto debido a la ausencia de un control para la relación entre los valores de los parámetros minimum y maximum.", }, ], id: "CVE-2017-17815", lastModified: "2024-11-21T03:18:44.040", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-21T03:29:00.397", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392436", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392436", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-754", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-21 03:29
Modified
2024-11-21 03:18
Severity ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392428 | Exploit, Issue Tracking, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://usn.ubuntu.com/3694-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392428 | Exploit, Issue Tracking, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3694-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 | |
| canonical | ubuntu_linux | 14.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.", }, { lang: "es", value: "En Netwide Assembler (NASM) 2.14rc0, existe una sobrelectura de búfer basada en memoria dinámica (heap) que podría provocar un ataque de denegación de servicio (DoS) remoto, relacionado con un bucle while en paste_tokens en asm/preproc.c.", }, ], id: "CVE-2017-17818", lastModified: "2024-11-21T03:18:44.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-21T03:29:00.520", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392428", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392428", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-06-29 23:29
Modified
2024-11-21 03:06
Severity ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392414 | Exploit, Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://security.gentoo.org/glsa/201903-19 | ||
| cve@mitre.org | https://usn.ubuntu.com/3694-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392414 | Exploit, Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201903-19 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3694-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 | |
| canonical | ubuntu_linux | 14.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.", }, { lang: "es", value: "En Netwide Assembler (NASM) versión 2.14rc0, existen múltiples vulnerabilidades de acceso a la región heap de la memoria previamente liberada en la herramienta nasm. La región heap relacionada es asignada en la función token() y se libera en la función detoken() (llamada por pp_getline()); se usa de nuevo en varias posiciones más adelante, lo que podría causar daños múltiples. Por ejemplo, provoca una lista de doble enlace dañada en detoken(), una doble liberación o corrupción en delete_Token() y una escritura fuera de límites en detoken(). Tiene una alta posibilidad de provocar un ataque de ejecución de código remota.", }, ], id: "CVE-2017-10686", lastModified: "2024-11-21T03:06:17.983", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-06-29T23:29:00.287", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392414", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/201903-19", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392414", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/201903-19", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-21 03:29
Modified
2024-11-21 03:18
Severity ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392433 | Exploit, Issue Tracking, Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://usn.ubuntu.com/3694-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392433 | Exploit, Issue Tracking, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3694-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 | |
| canonical | ubuntu_linux | 14.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.", }, { lang: "es", value: "En Netwide Assembler (NASM) 2.14rc0, existe una vulnerabilidad de uso de memoria previamente liberada en pp_list_one_macro en asm/preproc.c que podría provocar una denegación de servicio (DoS) remota. Esto está relacionado con la gestión incorrecta de errores de tipo de operandos.", }, ], id: "CVE-2017-17820", lastModified: "2024-11-21T03:18:44.833", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-21T03:29:00.600", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392433", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392433", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-21 03:29
Modified
2024-11-21 03:18
Severity ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392426 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3694-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392426 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3694-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 | |
| canonical | ubuntu_linux | 14.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.", }, { lang: "es", value: "En Netwide Assembler (NASM) 2.14rc0, existe una vulnerabilidad de uso de memoria previamente liberada en pp_getline en asm/preproc.c que podría provocar un ataque de denegación de servicio (DoS) remoto.", }, ], id: "CVE-2017-17816", lastModified: "2024-11-21T03:18:44.197", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-21T03:29:00.443", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392426", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392426", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-26 13:15
Modified
2024-11-21 06:08
Severity ?
Summary
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392757 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392757 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.16 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc0:*:*:*:*:*:*", matchCriteriaId: "20DE5189-1CB2-41BB-81E2-FF8C6CD53A19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.", }, { lang: "es", value: "Se ha detectado un problema en NASM versión 2.16rc0. Se presentan pérdidas de memoria en la función nasm_malloc() en el archivo nasmlib/alloc.c.", }, ], id: "CVE-2021-33452", lastModified: "2024-11-21T06:08:51.283", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-26T13:15:09.210", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392757", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392757", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-08-25 16:15
Modified
2024-11-21 05:08
Severity ?
Summary
Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392568 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392568 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*", matchCriteriaId: "A89429C9-070C-4760-AA27-D7BEBF2293BA", versionEndIncluding: "2.15.05", versionStartIncluding: "2.15", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.", }, { lang: "es", value: "Un desbordamiento del búfer en Netwide Assembler (NASM) versión v2.15.xx, permite a atacantes causar una denegación de servicio por medio de \"crc64i\" en el componente \"nasmlib/crc64\". Este problema es diferente de CVE-2019-7147.", }, ], id: "CVE-2020-18974", lastModified: "2024-11-21T05:08:52.917", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-08-25T16:15:08.567", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392568", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392568", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-22 17:15
Modified
2024-11-21 06:32
Severity ?
Summary
An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392790 | Broken Link, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392790 | Broken Link, Issue Tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.16 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc0:*:*:*:*:*:*", matchCriteriaId: "20DE5189-1CB2-41BB-81E2-FF8C6CD53A19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.", }, { lang: "es", value: "Se presenta una vulnerabilidad de bucle infinito en nasm versión 2.16rc0, por medio de la función gpaste_tokens", }, ], id: "CVE-2021-45257", lastModified: "2024-11-21T06:32:02.053", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-22T17:15:09.217", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", "Issue Tracking", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392790", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Issue Tracking", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392790", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-835", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-29 20:15
Modified
2025-02-18 20:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392819 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392819 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:-:*:*:*:*:*:*", matchCriteriaId: "BEA64E17-E981-49F6-A6C5-3D251093023F", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc0:*:*:*:*:*:*", matchCriteriaId: "20DE5189-1CB2-41BB-81E2-FF8C6CD53A19", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc10:*:*:*:*:*:*", matchCriteriaId: "A30CF730-60EB-4318-BBA9-A1E2AFFF4BEB", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc11:*:*:*:*:*:*", matchCriteriaId: "2C5B2E06-C870-48CA-8086-80B2BAAB18DF", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc12:*:*:*:*:*:*", matchCriteriaId: "705ADB12-6312-4FB8-A67A-D1318CA39DE4", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc4:*:*:*:*:*:*", matchCriteriaId: "B1A0C6CC-89F6-4B16-9319-F59A76A083AD", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc5:*:*:*:*:*:*", matchCriteriaId: "5EF2FA92-039A-4576-BA46-3267C7D445E6", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc6:*:*:*:*:*:*", matchCriteriaId: "97622DC6-047D-4DE4-B2B8-1347BB5E9793", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc7:*:*:*:*:*:*", matchCriteriaId: "9E0E20AA-2267-452F-AE06-8E75C3FAE52D", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc8:*:*:*:*:*:*", matchCriteriaId: "C7FE20FF-1E64-49CA-961E-8FFBC6B362FB", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc9:*:*:*:*:*:*", matchCriteriaId: "6B6748C9-0C34-41D0-9952-CE7EF5C8BD28", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.", }, ], id: "CVE-2022-44369", lastModified: "2025-02-18T20:15:16.273", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-03-29T20:15:07.213", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392819", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392819", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-29 20:15
Modified
2024-11-21 07:27
Severity ?
Summary
NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392815 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202312-09 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392815 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202312-09 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | * | |
| nasm | netwide_assembler | 2.16 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*", matchCriteriaId: "01C54CD2-6751-42EC-AC5B-1BE49C020DA3", versionEndExcluding: "2.16", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc1:*:*:*:*:*:*", matchCriteriaId: "33BF4907-64E2-409D-AA3F-14C1CE8690C7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856", }, ], id: "CVE-2022-44370", lastModified: "2024-11-21T07:27:56.220", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-03-29T20:15:07.250", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392815", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202312-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392815", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202312-09", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-21 03:29
Modified
2024-11-21 03:18
Severity ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392432 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3694-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392432 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3694-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 | |
| canonical | ubuntu_linux | 14.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.", }, { lang: "es", value: "En Netwide Assembler (NASM) 2.14rc0, existe un desbordamiento de búfer basado en memoria dinámica (heap) que podría provocar un ataque de denegación de servicio (DoS) remoto, relacionado con un strcpy en paste_tokens en asm/preproc.c. Esta es una vulnerabilidad parecida a CVE-2017-11111.", }, ], id: "CVE-2017-17811", lastModified: "2024-11-21T03:18:43.433", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-21T03:29:00.240", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392432", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392432", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-12 19:29
Modified
2024-11-21 03:57
Severity ?
Summary
Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392524 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392524 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 12.14 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:12.14:rc16:*:*:*:*:*:*", matchCriteriaId: "F73DAA5F-2527-4052-8B67-5540C4EBED4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.", }, { lang: "es", value: "Netwide Assembler (NASM) hasta la versión 2.14rc16 tiene fugas de memoria que podrían conducir a una denegación de servicio (DoS), relacionado con nasm_malloc en nasmlib/malloc.c.", }, ], id: "CVE-2018-19213", lastModified: "2024-11-21T03:57:34.410", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-12T19:29:00.410", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392524", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392524", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-772", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-01-04 18:15
Modified
2024-11-21 07:30
Severity ?
Summary
NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392814 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392814 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16.01 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:-:*:*:*:*:*:*", matchCriteriaId: "BEA64E17-E981-49F6-A6C5-3D251093023F", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc10:*:*:*:*:*:*", matchCriteriaId: "A30CF730-60EB-4318-BBA9-A1E2AFFF4BEB", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc11:*:*:*:*:*:*", matchCriteriaId: "2C5B2E06-C870-48CA-8086-80B2BAAB18DF", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc12:*:*:*:*:*:*", matchCriteriaId: "705ADB12-6312-4FB8-A67A-D1318CA39DE4", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc4:*:*:*:*:*:*", matchCriteriaId: "B1A0C6CC-89F6-4B16-9319-F59A76A083AD", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc5:*:*:*:*:*:*", matchCriteriaId: "5EF2FA92-039A-4576-BA46-3267C7D445E6", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc6:*:*:*:*:*:*", matchCriteriaId: "97622DC6-047D-4DE4-B2B8-1347BB5E9793", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc7:*:*:*:*:*:*", matchCriteriaId: "9E0E20AA-2267-452F-AE06-8E75C3FAE52D", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc8:*:*:*:*:*:*", matchCriteriaId: "C7FE20FF-1E64-49CA-961E-8FFBC6B362FB", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc9:*:*:*:*:*:*", matchCriteriaId: "6B6748C9-0C34-41D0-9952-CE7EF5C8BD28", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16.01:*:*:*:*:*:*:*", matchCriteriaId: "24046248-83D5-4274-AFAC-E8ABCC7DC881", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.", }, { lang: "es", value: "Se descubrió que NASM v2.16 contenía un desbordamiento de búfer global en el componente dbgdbg_typevalue en /output/outdbg.c.", }, ], id: "CVE-2022-46456", lastModified: "2024-11-21T07:30:36.237", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-01-04T18:15:09.177", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392814", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392814", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-04 07:15
Modified
2024-11-21 04:38
Severity ?
Summary
In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392548#c4 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392638 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392548#c4 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392638 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14.02 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.02:*:*:*:*:*:*:*", matchCriteriaId: "293A8515-6E92-4C28-A9B5-B5BF48B1A63C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.", }, { lang: "es", value: "En Netwide Assembler (NASM) versión 2.14.02, el consumo de la pila se produce en funciones expr# en el archivo asm/eval.c. Esto afecta potencialmente las relaciones entre expr0, expr1, expr2, expr3, expr4, expr5 y expr6 (y la función stdscan en el archivo asm/stdscan.c). Esto es similar a CVE-2019-6290 y CVE-2019-6291.", }, ], id: "CVE-2019-20334", lastModified: "2024-11-21T04:38:17.117", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-04T07:15:11.037", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392548#c4", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392638", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392548#c4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392638", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-674", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-26 13:15
Modified
2024-11-21 06:08
Severity ?
Summary
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392758 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392758 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.16 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc0:*:*:*:*:*:*", matchCriteriaId: "20DE5189-1CB2-41BB-81E2-FF8C6CD53A19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.", }, { lang: "es", value: "Se ha detectado un problema en NASM versión 2.16rc0. Se presentan pérdidas de memoria en la función nasm_calloc() en el archivo nasmlib/alloc.c.", }, ], id: "CVE-2021-33450", lastModified: "2024-11-21T06:08:50.993", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-26T13:15:09.123", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392758", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392758", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-401", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-12 19:29
Modified
2024-11-21 03:57
Severity ?
Summary
Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.suse.com/show_bug.cgi?id=1115797 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://repo.or.cz/nasm.git/commitdiff/e996d28c70d45008085322b442b44a9224308548 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.suse.com/show_bug.cgi?id=1115797 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://repo.or.cz/nasm.git/commitdiff/e996d28c70d45008085322b442b44a9224308548 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc15:*:*:*:*:*:*", matchCriteriaId: "744EA8F0-8BA6-40F5-AD44-04F6B40F7392", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.", }, { lang: "es", value: "Netwide Assembler (NASM) 2.14rc15 tiene una desreferencia de puntero NULL en la función find_label en asm/labels.c que conducirá a un ataque de denegación de servicio (DoS).", }, ], id: "CVE-2018-19209", lastModified: "2024-11-21T03:57:33.780", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-12T19:29:00.270", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1115797", }, { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://repo.or.cz/nasm.git/commitdiff/e996d28c70d45008085322b442b44a9224308548", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.suse.com/show_bug.cgi?id=1115797", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://repo.or.cz/nasm.git/commitdiff/e996d28c70d45008085322b442b44a9224308548", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-21 03:29
Modified
2024-11-21 03:18
Severity ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392429 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3694-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392429 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3694-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 | |
| canonical | ubuntu_linux | 14.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.", }, { lang: "es", value: "En Netwide Assembler (NASM) 2.14rc0, existe una vulnerabilidad de uso de memoria previamente liberada en la función pp_list_one_macro en asm/preproc.c que podría provocar una denegación de servicio (DoS) remota. Esto está relacionado con la gestión incorrecta de errores de sintaxis de líneas.", }, ], id: "CVE-2017-17813", lastModified: "2024-11-21T03:18:43.730", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-21T03:29:00.317", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392429", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392429", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-21 16:29
Modified
2024-11-21 03:41
Severity ?
Summary
Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.13 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.13:*:*:*:*:*:*:*", matchCriteriaId: "7287CF29-3FA6-4D2B-891A-EB862C688527", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.", }, { lang: "es", value: "Netwide Assembler (NASM) tiene una sobrelectura de búfer basada en pila en la función disasm del archivo disasm/disasm.c. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) o, posiblemente, otro tipo de impacto sin especificar mediante un archivo ELF manipulado.", }, ], id: "CVE-2018-10254", lastModified: "2024-11-21T03:41:07.147", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-21T16:29:00.217", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://sourceforge.net/p/nasm/bugs/561/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://sourceforge.net/p/nasm/bugs/561/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 05:12
Severity ?
Summary
A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392643 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392643 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*", matchCriteriaId: "5EB7507D-CC9A-402E-89F7-F87DB59EEFD5", versionEndExcluding: "2.15.04", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.", }, ], id: "CVE-2020-21686", lastModified: "2024-11-21T05:12:48.323", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T19:16:14.327", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392643", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392643", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-562", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 06:59
Severity ?
Summary
Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*", matchCriteriaId: "2776578B-0F9C-4941-BE31-8DE2165B10AB", versionEndExcluding: "2.15.05", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.", }, { lang: "es", value: "La vulnerabilidad de desbordamiento de búfer en quote_for_pmake en asm/nasm.c en nasm antes de 2.15.05 permite a los atacantes provocar una denegación de servicio a través de un archivo diseñado.", }, ], id: "CVE-2022-29654", lastModified: "2024-11-21T06:59:30.753", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T19:16:22.940", references: [ { source: "cve@mitre.org", tags: [ "Product", ], url: "https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gist.github.com/naihsin/b96e2c5c2c81621b46557fd7aacd165f", }, { source: "cve@mitre.org", tags: [ "Product", ], url: "https://www.nasm.us/pub/nasm/releasebuilds/2.15.05/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://gist.github.com/naihsin/b96e2c5c2c81621b46557fd7aacd165f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://www.nasm.us/pub/nasm/releasebuilds/2.15.05/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-120", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-11 05:29
Modified
2024-11-21 03:40
Severity ?
Summary
Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.", }, { lang: "es", value: "Netwide Assembler (NASM) 2.14rc0 tiene una vulnerabilidad de división entre cero en la función expr5 en asm/eval.c mediante un archivo de entradas mal formado.", }, ], id: "CVE-2018-10016", lastModified: "2024-11-21T03:40:41.003", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-11T05:29:00.233", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392473", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392473", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-369", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-06 06:15
Modified
2024-11-21 04:38
Severity ?
Summary
In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392636 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392636 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.15 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.15:rc0:*:*:*:*:*:*", matchCriteriaId: "7E3030CB-7432-4496-BE6E-FBB1265DE60E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.", }, { lang: "es", value: "En Netwide Assembler (NASM) versión 2.15rc0, existe una lectura excesiva de búfer en la región heap de la memoria (por medio de un archivo .asm diseñado) en set_text_free cuando es llamado desde la función expand_one_smacro en el archivo asm/preproc.c.", }, ], id: "CVE-2019-20352", lastModified: "2024-11-21T04:38:17.830", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-06T06:15:10.767", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392636", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392636", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-03-29 20:15
Modified
2025-02-18 20:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
NASM v2.16 was discovered to contain a null pointer deference in the NASM component
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392820 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392820 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 | |
| nasm | netwide_assembler | 2.16 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:-:*:*:*:*:*:*", matchCriteriaId: "BEA64E17-E981-49F6-A6C5-3D251093023F", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc0:*:*:*:*:*:*", matchCriteriaId: "20DE5189-1CB2-41BB-81E2-FF8C6CD53A19", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc10:*:*:*:*:*:*", matchCriteriaId: "A30CF730-60EB-4318-BBA9-A1E2AFFF4BEB", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc11:*:*:*:*:*:*", matchCriteriaId: "2C5B2E06-C870-48CA-8086-80B2BAAB18DF", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc12:*:*:*:*:*:*", matchCriteriaId: "705ADB12-6312-4FB8-A67A-D1318CA39DE4", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc4:*:*:*:*:*:*", matchCriteriaId: "B1A0C6CC-89F6-4B16-9319-F59A76A083AD", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc5:*:*:*:*:*:*", matchCriteriaId: "5EF2FA92-039A-4576-BA46-3267C7D445E6", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc6:*:*:*:*:*:*", matchCriteriaId: "97622DC6-047D-4DE4-B2B8-1347BB5E9793", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc7:*:*:*:*:*:*", matchCriteriaId: "9E0E20AA-2267-452F-AE06-8E75C3FAE52D", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc8:*:*:*:*:*:*", matchCriteriaId: "C7FE20FF-1E64-49CA-961E-8FFBC6B362FB", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc9:*:*:*:*:*:*", matchCriteriaId: "6B6748C9-0C34-41D0-9952-CE7EF5C8BD28", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NASM v2.16 was discovered to contain a null pointer deference in the NASM component", }, ], id: "CVE-2022-44368", lastModified: "2025-02-18T20:15:16.100", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-03-29T20:15:07.170", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392820", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392820", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-476", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 05:12
Severity ?
Summary
Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392645 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392645 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.15 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.15:rc0:*:*:*:*:*:*", matchCriteriaId: "7E3030CB-7432-4496-BE6E-FBB1265DE60E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.", }, ], id: "CVE-2020-21687", lastModified: "2024-11-21T05:12:48.473", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T19:16:15.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392645", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392645", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-04-24 02:29
Modified
2024-11-21 03:41
Severity ?
Summary
Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.", }, { lang: "es", value: "Netwide Assembler (NASM) 2.14rc0 tiene un bucle infinito en while en la función assemble_file de asm/nasm.c debido a un desbordamiento de enteros en globallineno.", }, ], id: "CVE-2018-10316", lastModified: "2024-11-21T03:41:12.333", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-04-24T02:29:00.490", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392474", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392474", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-10-03 14:15
Modified
2024-11-21 07:23
Severity ?
Summary
nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392810 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392810 | Exploit, Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.16 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc0:*:*:*:*:*:*", matchCriteriaId: "20DE5189-1CB2-41BB-81E2-FF8C6CD53A19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component", }, { lang: "es", value: "Se ha detectado que nasm versión v2.16, contiene un desbordamiento de pila en el componente Ndisasm", }, ], id: "CVE-2022-41420", lastModified: "2024-11-21T07:23:11.827", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-10-03T14:15:22.387", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392810", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392810", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-02-15 07:29
Modified
2024-11-21 04:49
Severity ?
Summary
In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392556 | Exploit, Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202312-09 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392556 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202312-09 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14.02 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.02:*:*:*:*:*:*:*", matchCriteriaId: "293A8515-6E92-4C28-A9B5-B5BF48B1A63C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.", }, { lang: "es", value: "En Netwide Assembler (NASM) 2.14.02, hay un uso de memoria previamente liberada en paste_tokens en asm/preproc.c.", }, ], id: "CVE-2019-8343", lastModified: "2024-11-21T04:49:43.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-02-15T07:29:00.553", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392556", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202312-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392556", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202312-09", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2021-12-22 17:15
Modified
2024-11-21 06:32
Severity ?
Summary
A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392789 | Broken Link, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392789 | Broken Link, Issue Tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.16 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:rc0:*:*:*:*:*:*", matchCriteriaId: "20DE5189-1CB2-41BB-81E2-FF8C6CD53A19", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c.", }, { lang: "es", value: "Se presenta una vulnerabilidad de Desreferencia de Puntero Null en nasm versión 2.16rc0 por medio del archivo asm/preproc.c", }, ], id: "CVE-2021-45256", lastModified: "2024-11-21T06:32:01.907", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-12-22T17:15:09.170", references: [ { source: "cve@mitre.org", tags: [ "Broken Link", "Issue Tracking", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392789", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", "Issue Tracking", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392789", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 08:14
Severity ?
Summary
Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392811 | Exploit, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392811 | Exploit, Issue Tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.16 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:*:*:*:*:*:*:*", matchCriteriaId: "1A0E7B12-65F6-4A80-BE2E-85B1EF02639F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).", }, ], id: "CVE-2023-38668", lastModified: "2024-11-21T08:14:00.667", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T19:16:39.303", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392811", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392811", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-09-03 02:29
Modified
2024-11-21 03:52
Severity ?
Summary
Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc15:*:*:*:*:*:*", matchCriteriaId: "F0342DFD-0DB1-4C31-A862-C476506F20E0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.", }, { lang: "es", value: "Netwide Assembler (NASM) 2.14rc15 tiene una sobrelectura de búfer en x86/regflags.c.", }, ], id: "CVE-2018-16382", lastModified: "2024-11-21T03:52:38.680", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-09-03T02:29:00.253", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392503", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392503", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-12-21 03:29
Modified
2024-11-21 03:18
Severity ?
Summary
In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4 | Patch, Vendor Advisory | |
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392431 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3694-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392431 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3694-1/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14 | |
| canonical | ubuntu_linux | 14.04 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14:rc0:*:*:*:*:*:*", matchCriteriaId: "DC75A3FA-6176-41ED-80B7-79D69671FF79", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In Netwide Assembler (NASM) 2.14rc0, there is a \"SEGV on unknown address\" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.", }, { lang: "es", value: "En Netwide Assembler (NASM) 2.14rc0, existe un \"SEGV en dirección desconocida\" que provocaría un ataque de denegación de servicio remoto, porque asm/preproc.c maneja incorrectamente las llamadas macro que tienen el número incorrecto de argumentos.", }, ], id: "CVE-2017-17810", lastModified: "2024-11-21T03:18:43.277", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-12-21T03:29:00.193", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392431", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392431", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://usn.ubuntu.com/3694-1/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-09-06 17:29
Modified
2024-11-21 03:40
Severity ?
Summary
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | * | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 | |
| nasm | netwide_assembler | 2.14.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*", matchCriteriaId: "11A2FD4D-BFBA-40EC-9CDE-42D337DF0041", versionEndIncluding: "2.14.0", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc1:*:*:*:*:*:*", matchCriteriaId: "FEEBD480-549D-444B-989C-E7443E111ED3", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc10:*:*:*:*:*:*", matchCriteriaId: "94607208-5382-45CB-9E0E-24FB04D200F8", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc11:*:*:*:*:*:*", matchCriteriaId: "F7E3C5C7-09E4-42A1-975F-89919BFD8547", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc12:*:*:*:*:*:*", matchCriteriaId: "23D65F3D-1F5A-47A8-828C-1473560AF68A", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc13:*:*:*:*:*:*", matchCriteriaId: "5AA3BBE2-0648-49FF-8321-E90E506ECA03", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc14:*:*:*:*:*:*", matchCriteriaId: "83439808-E136-4A16-897E-34B8CFC9CCA6", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc15:*:*:*:*:*:*", matchCriteriaId: "744EA8F0-8BA6-40F5-AD44-04F6B40F7392", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc2:*:*:*:*:*:*", matchCriteriaId: "1597D549-DDBD-4333-A631-97BFBFDFA0AC", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc3:*:*:*:*:*:*", matchCriteriaId: "080A0929-752A-4051-85B8-C9E3AFDEFC0E", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc4:*:*:*:*:*:*", matchCriteriaId: "D30835C7-A156-44D1-9AD2-D41ABCDDFA27", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc5:*:*:*:*:*:*", matchCriteriaId: "7E540236-A8D6-443C-A268-61928ACC8BD6", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc6:*:*:*:*:*:*", matchCriteriaId: "9F8906E7-EF2A-46D1-A494-5393538069CE", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc7:*:*:*:*:*:*", matchCriteriaId: "CAE1ABD3-9948-4D4B-8776-992721A39207", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc8:*:*:*:*:*:*", matchCriteriaId: "9846285D-5907-4B59-8425-51D40ED7D0F8", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc9:*:*:*:*:*:*", matchCriteriaId: "DD088CCE-FD7D-4C31-A141-E7C6ACB7901C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..", }, { lang: "es", value: "NASM nasm-2.13.03 nasm- 2.14rc15 en su versión 2.14rc15 y anteriores contiene una corrupción de memoria (cerrada inesperadamente) de nasm al manejar un archivo manipulado debido a una vulnerabilidad en la función assemble_file(inname, depend_ptr) en asm/nasm.c:482 que puede resultar en el cierre inesperado del programa nasm. Este ataque parece ser explotable mediante un archivo asm especialmente manipulado.", }, ], id: "CVE-2018-1000667", lastModified: "2024-11-21T03:40:21.930", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-09-06T17:29:01.860", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392507", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/cyrillos/nasm/issues/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392507", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/cyrillos/nasm/issues/3", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 05:12
Severity ?
Summary
A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392637 | Exploit, Issue Tracking, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202312-09 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392637 | Exploit, Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202312-09 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14.03 | |
| nasm | netwide_assembler | 2.15 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.03:rc2:*:*:*:*:*:*", matchCriteriaId: "D96F3D38-7D25-4625-B31F-9FEE9D249EF0", vulnerable: true, }, { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.15:*:*:*:*:*:*:*", matchCriteriaId: "D4E1B969-F71C-4770-B43C-C173D45C379F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.", }, ], id: "CVE-2020-21528", lastModified: "2024-11-21T05:12:39.583", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T19:16:13.803", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392637", }, { source: "cve@mitre.org", url: "https://security.gentoo.org/glsa/202312-09", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392637", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.gentoo.org/glsa/202312-09", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-11-12 19:29
Modified
2024-11-21 03:57
Severity ?
Summary
Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 12.14 | |
| redhat | enterprise_linux | 5.0 | |
| redhat | enterprise_linux | 6.0 | |
| redhat | enterprise_linux | 7.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:12.14:rc16:*:*:*:*:*:*", matchCriteriaId: "F73DAA5F-2527-4052-8B67-5540C4EBED4D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "142AD0DD-4CF3-4D74-9442-459CE3347E3A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.", }, { lang: "es", value: "Netwide Assembler (NASM) 2.14rc16 tiene una sobrelectura de búfer basada en memoria dinámica (heap) en expand_mmac_params en asm/preproc.c para los casos especiales de los caracteres % y $.", }, ], id: "CVE-2018-19215", lastModified: "2024-11-21T03:57:34.730", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-11-12T19:29:00.503", references: [ { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392525", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392525", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-01-10 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://tigger.uic.edu/~jlongs2/holes/nasm.txt | Exploit, Vendor Advisory | |
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2005-381.html | Not Applicable | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/18540 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11299 | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | http://tigger.uic.edu/~jlongs2/holes/nasm.txt | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-381.html | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/18540 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11299 | Broken Link |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 0.98.38 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:0.98.38:*:*:*:*:*:*:*", matchCriteriaId: "BF046B55-C6AD-49BC-8C26-A4B6165ACFA6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.", }, { lang: "es", value: "Desbordamiento de búfer en la función de error en prepor.c de NASM 0.98.38 1.2 permite a atacantes remotos ejecutar código de su elección mediante un fichero asm construido artesanalmente.", }, ], id: "CVE-2004-1287", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 10, obtainAllPrivilege: true, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-01-10T05:00:00.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Vendor Advisory", ], url: "http://tigger.uic.edu/~jlongs2/holes/nasm.txt", }, { source: "cve@mitre.org", tags: [ "Not Applicable", ], url: "http://www.redhat.com/support/errata/RHSA-2005-381.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18540", }, { source: "cve@mitre.org", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11299", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Vendor Advisory", ], url: "http://tigger.uic.edu/~jlongs2/holes/nasm.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://www.redhat.com/support/errata/RHSA-2005-381.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18540", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11299", }, ], sourceIdentifier: "cve@mitre.org", vendorComments: [ { comment: "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", lastModified: "2007-03-14T00:00:00", organization: "Red Hat", }, ], vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-787", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-12-28 16:29
Modified
2024-11-21 04:01
Severity ?
Summary
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392531 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392531 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.14.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc16:*:*:*:*:*:*", matchCriteriaId: "16D057C6-FC84-4D85-8F14-860B47CDC611", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.", }, { lang: "es", value: "Hay un uso de memoria previamente liberada en asm/preproc.c (función pp_getline) en Netwide Assembler (NASM) 2.14rc16 que provocará una denegación de servicio (DoS) durante ciertas pruebas de finalización.", }, ], id: "CVE-2018-20538", lastModified: "2024-11-21T04:01:40.850", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-12-28T16:29:04.520", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392531", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392531", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 08:14
Severity ?
Summary
Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugzilla.nasm.us/show_bug.cgi?id=3392812 | Exploit, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.nasm.us/show_bug.cgi?id=3392812 | Exploit, Issue Tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nasm | netwide_assembler | 2.16 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nasm:netwide_assembler:2.16:-:*:*:*:*:*:*", matchCriteriaId: "BEA64E17-E981-49F6-A6C5-3D251093023F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.", }, ], id: "CVE-2023-38667", lastModified: "2024-11-21T08:14:00.527", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-22T19:16:39.240", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392812", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", ], url: "https://bugzilla.nasm.us/show_bug.cgi?id=3392812", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }