CVE-2019-6291
https://notcve.org/view.php?id=CVE-2019-6291
An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file. Se ha descubierto un problema en la función expr6 en eval.c en Netwide Assembler (NASM) hasta la versión 2.14.02. • https://bugzilla.nasm.us/show_bug.cgi?id=3392549 • CWE-674: Uncontrolled Recursion •
CVE-2018-1000886
https://notcve.org/view.php?id=CVE-2018-1000886
nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file. nasm, en versiones 2.14.01rc5 y 2.15, contiene una vulnerabilidad de desbordamiento de búfer en asm/stdscan.c:130 que puede resultar en un desbordamiento de búfer basado en pila, provocado por la generación infinita de macros, que provoca el cierre inesperado del programa. Este ataque parece ser explotable mediante un archivo de entradas nasm manipulado. • https://bugzilla.nasm.us/show_bug.cgi?id=3392514 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •