CVE-2018-19216
https://notcve.org/view.php?id=CVE-2018-19216
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c. Netwide Assembler (NASM) en versiones anteriores a la 2.13.02 tiene un uso de memoria previamente liberada en detoken en asm/preproc.c. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html https://bugzilla.nasm.us/show_bug.cgi?id=3392424 https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 • CWE-416: Use After Free •
CVE-2018-16517 – Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC)
https://notcve.org/view.php?id=CVE-2018-16517
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file. asm/labels.c en Netwide Assembler (NASM) es propenso a una desreferencia de puntero NULL, lo que permite que el atacante provoque una denegación de servicio (DoS) mediante un archivo manipulado. • https://www.exploit-db.com/exploits/46726 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html https://bugzilla.nasm.us/show_bug.cgi?id=3392513 https://fakhrizulkifli.github.io/CVE-2018-16517.html • CWE-476: NULL Pointer Dereference •
CVE-2018-1000667
https://notcve.org/view.php?id=CVE-2018-1000667
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file.. NASM nasm-2.13.03 nasm- 2.14rc15 en su versión 2.14rc15 y anteriores contiene una corrupción de memoria (cerrada inesperadamente) de nasm al manejar un archivo manipulado debido a una vulnerabilidad en la función assemble_file(inname, depend_ptr) en asm/nasm.c:482 que puede resultar en el cierre inesperado del programa nasm. Este ataque parece ser explotable mediante un archivo asm especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html https://bugzilla.nasm.us/show_bug.cgi?id=3392507 https://github.com/cyrillos/nasm/issues/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2018-16382
https://notcve.org/view.php?id=CVE-2018-16382
Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. Netwide Assembler (NASM) 2.14rc15 tiene una sobrelectura de búfer en x86/regflags.c. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html https://bugzilla.nasm.us/show_bug.cgi?id=3392503 • CWE-125: Out-of-bounds Read •
CVE-2018-10316
https://notcve.org/view.php?id=CVE-2018-10316
Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow. Netwide Assembler (NASM) 2.14rc0 tiene un bucle infinito en while en la función assemble_file de asm/nasm.c debido a un desbordamiento de enteros en globallineno. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html https://bugzilla.nasm.us/show_bug.cgi?id=3392474 • CWE-190: Integer Overflow or Wraparound •