Nasm Netwide Assembler
By the Year
In 2024 there have been 0 vulnerabilities in Nasm Netwide Assembler . Last year Netwide Assembler had 15 security vulnerabilities published. Right now, Netwide Assembler is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 15 | 5.85 |
2022 | 3 | 5.50 |
2021 | 3 | 4.77 |
2020 | 3 | 7.47 |
2019 | 5 | 5.96 |
2018 | 19 | 6.32 |
It may take a day or so for new Netwide Assembler vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Nasm Netwide Assembler Security Vulnerabilities
Stack-based buffer over-read in function disasm in nasm 2.16
CVE-2023-38667
5.5 - Medium
- August 22, 2023
Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.
Out-of-bounds Read
A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15
CVE-2020-21528
5.5 - Medium
- August 22, 2023
A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.
Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0
CVE-2020-21685
5.5 - Medium
- August 22, 2023
Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
Memory Corruption
Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0
CVE-2020-21687
5.5 - Medium
- August 22, 2023
Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
Memory Corruption
Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05
CVE-2022-29654
5.5 - Medium
- August 22, 2023
Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.
Classic Buffer Overflow
A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04
CVE-2020-21686
5.5 - Medium
- August 22, 2023
A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.
Null pointer dereference in ieee_write_file in nasm 2.16rc0
CVE-2023-38665
5.5 - Medium
- August 22, 2023
Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).
NULL Pointer Dereference
Stack-based buffer over-read in disasm in nasm 2.16
CVE-2023-38668
5.5 - Medium
- August 22, 2023
Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).
Out-of-bounds Read
A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02
CVE-2020-18780
5.5 - Medium
- August 22, 2023
A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.
Dangling pointer
There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).
CVE-2023-31722
7.8 - High
- May 17, 2023
There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).
Memory Corruption
NASM v2.16 was discovered to contain a null pointer deference in the NASM component
CVE-2022-44368
5.5 - Medium
- March 29, 2023
NASM v2.16 was discovered to contain a null pointer deference in the NASM component
NULL Pointer Dereference
NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference
CVE-2022-44369
5.5 - Medium
- March 29, 2023
NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.
NULL Pointer Dereference
NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856
CVE-2022-44370
7.8 - High
- March 29, 2023
NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856
Memory Corruption
NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
CVE-2022-46456
6.1 - Medium
- January 04, 2023
NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
Classic Buffer Overflow
NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.
CVE-2022-46457
5.5 - Medium
- January 04, 2023
NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.
nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component
CVE-2022-41420
5.5 - Medium
- October 03, 2022
nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component
Memory Corruption
An issue was discovered in NASM version 2.16rc0
CVE-2021-33452
5.5 - Medium
- July 26, 2022
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.
Memory Leak
An issue was discovered in NASM version 2.16rc0
CVE-2021-33450
5.5 - Medium
- July 26, 2022
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.
Memory Leak
A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0
CVE-2021-45256
5.5 - Medium
- December 22, 2021
A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c.
NULL Pointer Dereference
An infinite loop vulnerability exists in nasm 2.16rc0
CVE-2021-45257
5.5 - Medium
- December 22, 2021
An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.
Infinite Loop
Buffer Overflow in Netwide Assembler (NASM) v2.15.xx
CVE-2020-18974
3.3 - Low
- August 25, 2021
Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.
Classic Buffer Overflow
In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c
CVE-2020-24978
9.8 - Critical
- September 04, 2020
In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.
Double-free
In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (
CVE-2019-20352
7.1 - High
- January 06, 2020
In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c.
Out-of-bounds Read
In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c
CVE-2019-20334
5.5 - Medium
- January 04, 2020
In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.
Stack Exhaustion
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c
CVE-2019-14248
5.5 - Medium
- July 24, 2019
In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.
NULL Pointer Dereference
In Netwide Assembler (NASM) 2.14.02
CVE-2019-8343
7.8 - High
- February 15, 2019
In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.
Dangling pointer
A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16
CVE-2019-7147
5.5 - Medium
- January 29, 2019
A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.
Out-of-bounds Read
An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02
CVE-2019-6291
5.5 - Medium
- January 15, 2019
An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
Stack Exhaustion
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02
CVE-2019-6290
5.5 - Medium
- January 15, 2019
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
Stack Exhaustion
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16
CVE-2018-20538
5.5 - Medium
- December 28, 2018
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.
Dangling pointer
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16
CVE-2018-20535
5.5 - Medium
- December 28, 2018
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during a line-number increment attempt.
Dangling pointer
nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130
CVE-2018-1000886
5.5 - Medium
- December 20, 2018
nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability in asm/stdscan.c:130 that can result in Stack-overflow caused by triggering endless macro generation, crash the program. This attack appear to be exploitable via a crafted nasm input file.
Buffer Overflow
There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16
CVE-2018-19755
5.5 - Medium
- November 30, 2018
There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can result in a negative integer.
Improper Input Validation
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
CVE-2018-19216
7.8 - High
- November 12, 2018
Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken at asm/preproc.c.
Dangling pointer
Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.
CVE-2018-19215
7.8 - High
- November 12, 2018
Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for the special cases of the % and $ and ! characters.
Out-of-bounds Read
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.
CVE-2018-19214
7.8 - High
- November 12, 2018
Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in expand_mmac_params in asm/preproc.c for insufficient input.
Out-of-bounds Read
Netwide Assembler (NASM) through 2.14rc16 has memory leaks
CVE-2018-19213
5.5 - Medium
- November 12, 2018
Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may lead to DoS, related to nasm_malloc in nasmlib/malloc.c.
Missing Release of Resource after Effective Lifetime
Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c
CVE-2018-19209
5.5 - Medium
- November 12, 2018
Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.
NULL Pointer Dereference
Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which
CVE-2018-16999
5.5 - Medium
- September 13, 2018
Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file.
Memory Corruption
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which
CVE-2018-16517
5.5 - Medium
- September 06, 2018
asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.
NULL Pointer Dereference
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname
CVE-2018-1000667
5.5 - Medium
- September 06, 2018
NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains a memory corruption (crashed) of nasm when handling a crafted file due to function assemble_file(inname, depend_ptr) at asm/nasm.c:482. vulnerability in function assemble_file(inname, depend_ptr) at asm/nasm.c:482. that can result in aborting/crash nasm program. This attack appear to be exploitable via a specially crafted asm file..
Buffer Overflow
Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.
CVE-2018-16382
5.5 - Medium
- September 03, 2018
Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.
Out-of-bounds Read
Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c
CVE-2018-10316
5.5 - Medium
- April 24, 2018
Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.
Integer Overflow or Wraparound
Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file
CVE-2018-10254
7.8 - High
- April 21, 2018
Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the disasm function of the disasm/disasm.c file. Remote attackers could leverage this vulnerability to cause a denial of service or possibly have unspecified other impact via a crafted ELF file.
Out-of-bounds Read
Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c
CVE-2018-10016
5.5 - Medium
- April 11, 2018
Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.
Divide By Zero
Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c
CVE-2018-8882
7.8 - High
- March 20, 2018
Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read in the function ieee_shr in asm/float.c via a large shift value.
Buffer Overflow
Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c
CVE-2018-8883
7.8 - High
- March 20, 2018
Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the parse_line function in asm/parser.c via uncontrolled access to nasm_reg_flags.
Out-of-bounds Read
Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c
CVE-2018-8881
7.3 - High
- March 20, 2018
Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string.
Out-of-bounds Read
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c
CVE-2017-17817
5.5 - Medium
- December 21, 2017
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_verror in asm/preproc.c that will cause a remote denial of service attack.
Dangling pointer
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c
CVE-2017-17819
5.5 - Medium
- December 21, 2017
In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated.
NULL Pointer Dereference
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c
CVE-2017-17820
5.5 - Medium
- December 21, 2017
In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_list_one_macro in asm/preproc.c that will lead to a remote denial of service attack, related to mishandling of operand-type errors.
Dangling pointer
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2
CVE-2004-1287
- January 10, 2005
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Nasm Netwide Assembler or by Nasm? Click the Watch button to subscribe.