CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2017-17820 – Ubuntu Security Notice USN-3694-1
https://notcve.org/view.php?id=CVE-2017-17820
21 Dec 2017 — In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors. En Netwide Assembler (NASM) 2.14rc0, existe una vulnerabilidad de uso de memoria previamente liberada en pp_list_one_macro en asm/preproc.c que podría provocar una denegación de servicio (DoS) remota. Esto está relacionado con la gestión incorrecta de errores de tipo de operandos. It was discovered that NASM i... • https://bugzilla.nasm.us/show_bug.cgi?id=3392433 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2017-14228 – Gentoo Linux Security Advisory 201903-19
https://notcve.org/view.php?id=CVE-2017-14228
09 Sep 2017 — In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service. En Netwide Assembler (NASM) 2.14rc0 hay un acceso ilegal a dirección en la función paste_tokens() en preproc.c, también llamado desreferencia de puntero NULL. Esto conducirá a un ataque de denegación de servicio remoto. It was discovered that NASM incorrectly handled certain source files. • https://bugzilla.nasm.us/show_bug.cgi?id=3392423 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-11111 – Gentoo Linux Security Advisory 201903-19
https://notcve.org/view.php?id=CVE-2017-11111
08 Jul 2017 — In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file. En Netwide Assembler (NASM) versión 2.14rc0, el archivo preproc.c permite a los atacantes remotos causar una denegación de servicio (desbordamiento de búfer en la región heap de la memoria y bloqueo de la aplicación) o posiblemente tener otro impacto no especificado por medio de un archivo creado. ... • https://bugzilla.nasm.us/show_bug.cgi?id=3392415 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-10686 – Gentoo Linux Security Advisory 201903-19
https://notcve.org/view.php?id=CVE-2017-10686
29 Jun 2017 — In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote cod... • https://bugzilla.nasm.us/show_bug.cgi?id=3392414 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2008-7177
https://notcve.org/view.php?id=CVE-2008-7177
08 Sep 2009 — Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719. Desbordamiento de buffer en el módulo listing en Netwide Assembler (NASM) anterior v2.03.01 tiene impacto desconocido y vectores atacados, una vulnerabilidad diferente que CVE-2008-2719. • http://secunia.com/advisories/30836 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 2%CPEs: 1EXPL: 1CVE-2008-2719 – NASM 2.0 - 'ppscan()' Off-by-One Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-2719
16 Jun 2008 — Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow. Error de superación de límite (off-by-one) en la función ppscan (prepoc.c) de Netwide Assembler (NASM) 2.02; permite a atacantes dependientes del contexto provocar una denegación de servicio (caída) y puede que ejecutar código de su elección mediante un f... • https://www.exploit-db.com/exploits/31903 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 16%CPEs: 1EXPL: 2CVE-2004-1287 – NASM 0.98.x - Error Preprocessor Directive Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-1287
22 Dec 2004 — Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194. Desbordamiento de búfer en la función de error en prepor.c de NASM 0.98.38 1.2 permite a atacantes remotos ejecutar código de su elección mediante un fichero asm construido artesanalmente. • https://www.exploit-db.com/exploits/25005 • CWE-787: Out-of-bounds Write •