CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 4CVE-2018-16517 – Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC)
https://notcve.org/view.php?id=CVE-2018-16517
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file. asm/labels.c en Netwide Assembler (NASM) es propenso a una desreferencia de puntero NULL, lo que permite que el atacante provoque una denegación de servicio (DoS) mediante un archivo manipulado. • https://www.exploit-db.com/exploits/46726 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html https://bugzilla.nasm.us/show_bug.cgi?id=3392513 https://fakhrizulkifli.github.io/CVE-2018-16517.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 2CVE-2018-1000667
https://notcve.org/view.php?id=CVE-2018-1000667
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file.. NASM nasm-2.13.03 nasm- 2.14rc15 en su versión 2.14rc15 y anteriores contiene una corrupción de memoria (cerrada inesperadamente) de nasm al manejar un archivo manipulado debido a una vulnerabilidad en la función assemble_file(inname, depend_ptr) en asm/nasm.c:482 que puede resultar en el cierre inesperado del programa nasm. Este ataque parece ser explotable mediante un archivo asm especialmente manipulado. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html https://bugzilla.nasm.us/show_bug.cgi?id=3392507 https://github.com/cyrillos/nasm/issues/3 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-16382
https://notcve.org/view.php?id=CVE-2018-16382
Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c. Netwide Assembler (NASM) 2.14rc15 tiene una sobrelectura de búfer en x86/regflags.c. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html https://bugzilla.nasm.us/show_bug.cgi?id=3392503 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10316
https://notcve.org/view.php?id=CVE-2018-10316
Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow. Netwide Assembler (NASM) 2.14rc0 tiene un bucle infinito en while en la función assemble_file de asm/nasm.c debido a un desbordamiento de enteros en globallineno. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html https://bugzilla.nasm.us/show_bug.cgi?id=3392474 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10254
https://notcve.org/view.php?id=CVE-2018-10254
Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file. Netwide Assembler (NASM) tiene una sobrelectura de búfer basada en pila en la función disasm del archivo disasm/disasm.c. Los atacantes remotos pueden aprovechar esta vulnerabilidad para provocar una denegación de servicio (DoS) o, posiblemente, otro tipo de impacto sin especificar mediante un archivo ELF manipulado. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html https://sourceforge.net/p/nasm/bugs/561 • CWE-125: Out-of-bounds Read •