CVE-2020-21686
https://notcve.org/view.php?id=CVE-2020-21686
A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file. • https://bugzilla.nasm.us/show_bug.cgi?id=3392643 • CWE-562: Return of Stack Variable Address •
CVE-2020-18780
https://notcve.org/view.php?id=CVE-2020-18780
A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command. • https://bugzilla.nasm.us/show_bug.cgi?id=3392634 • CWE-416: Use After Free •
CVE-2022-29654
https://notcve.org/view.php?id=CVE-2022-29654
Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file. La vulnerabilidad de desbordamiento de búfer en quote_for_pmake en asm/nasm.c en nasm antes de 2.15.05 permite a los atacantes provocar una denegación de servicio a través de un archivo diseñado. • https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html https://gist.github.com/naihsin/b96e2c5c2c81621b46557fd7aacd165f https://www.nasm.us/pub/nasm/releasebuilds/2.15.05 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-44370
https://notcve.org/view.php?id=CVE-2022-44370
NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856 • https://bugzilla.nasm.us/show_bug.cgi?id=3392815 https://security.gentoo.org/glsa/202312-09 • CWE-787: Out-of-bounds Write •
CVE-2019-20334
https://notcve.org/view.php?id=CVE-2019-20334
In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291. En Netwide Assembler (NASM) versión 2.14.02, el consumo de la pila se produce en funciones expr# en el archivo asm/eval.c. Esto afecta potencialmente las relaciones entre expr0, expr1, expr2, expr3, expr4, expr5 y expr6 (y la función stdscan en el archivo asm/stdscan.c). • https://bugzilla.nasm.us/show_bug.cgi?id=3392548#c4 https://bugzilla.nasm.us/show_bug.cgi?id=3392638 • CWE-674: Uncontrolled Recursion •