CVE-2020-21686
https://notcve.org/view.php?id=CVE-2020-21686
A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file. • https://bugzilla.nasm.us/show_bug.cgi?id=3392643 • CWE-562: Return of Stack Variable Address •
CVE-2020-21528
https://notcve.org/view.php?id=CVE-2020-21528
A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file. • https://bugzilla.nasm.us/show_bug.cgi?id=3392637 https://security.gentoo.org/glsa/202312-09 •
CVE-2022-29654
https://notcve.org/view.php?id=CVE-2022-29654
Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file. La vulnerabilidad de desbordamiento de búfer en quote_for_pmake en asm/nasm.c en nasm antes de 2.15.05 permite a los atacantes provocar una denegación de servicio a través de un archivo diseñado. • https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html https://gist.github.com/naihsin/b96e2c5c2c81621b46557fd7aacd165f https://www.nasm.us/pub/nasm/releasebuilds/2.15.05 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-44370
https://notcve.org/view.php?id=CVE-2022-44370
NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856 • https://bugzilla.nasm.us/show_bug.cgi?id=3392815 https://security.gentoo.org/glsa/202312-09 • CWE-787: Out-of-bounds Write •
CVE-2018-1000886
https://notcve.org/view.php?id=CVE-2018-1000886
nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file. nasm, en versiones 2.14.01rc5 y 2.15, contiene una vulnerabilidad de desbordamiento de búfer en asm/stdscan.c:130 que puede resultar en un desbordamiento de búfer basado en pila, provocado por la generación infinita de macros, que provoca el cierre inesperado del programa. Este ataque parece ser explotable mediante un archivo de entradas nasm manipulado. • https://bugzilla.nasm.us/show_bug.cgi?id=3392514 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •