You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
CVE-2019-6290: An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
CVE-2019-6291: An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
CVE-2019-8343: In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.
CVE-2020-21528: A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.
CVE-2021-33450: An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.
CVE-2021-33452: An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.
CVE-2022-44368: NASM v2.16 was discovered to contain a null pointer deference in the NASM component
CVE-2022-44369: NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.
CVE-2022-44370: NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856
Name: nasm
CVEs: CVE-2019-6290, CVE-2019-6291, CVE-2019-8343, CVE-2020-21528, CVE-2021-33450, CVE-2021-33452, CVE-2022-44368, CVE-2022-44369, CVE-2022-44370
CVSSs: 5.5, 5.5, 7.8, 5.5, 5.5, 5.5, 5.5, 5.5, 7.8
Action Needed: TBD, not fixed in upstream
Summary:
refmap.gentoo: https://bugs.gentoo.org/686720, https://bugs.gentoo.org/686722, https://bugs.gentoo.org/810423, https://bugs.gentoo.org/903755
nasm is included only in Flatcar SDK, so not critical.
The text was updated successfully, but these errors were encountered: