Information on source package nasm

Available versions

Release	Version
buster	2.14-1
bullseye	2.15.05-1
bookworm	2.15.05-1
sid	2.15.05-1

Open issues

Bug	buster	bullseye	bookworm	sid	Description
CVE-2020-24978	vulnerable (no DSA)	fixed	fixed	fixed	In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline ...

Open unimportant issues

Bug	buster	bullseye	bookworm	sid	Description
CVE-2021-45257	vulnerable	vulnerable	vulnerable	vulnerable	An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_t ...
CVE-2021-45256	vulnerable	vulnerable	vulnerable	vulnerable	A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via a ...
CVE-2021-33452	vulnerable	vulnerable	vulnerable	vulnerable	An issue was discovered in NASM version 2.16rc0. There are memory leak ...
CVE-2021-33450	vulnerable	vulnerable	vulnerable	vulnerable	An issue was discovered in NASM version 2.16rc0. There are memory leak ...
CVE-2020-24242	vulnerable	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_tex ...
CVE-2020-24241	vulnerable	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in ...
CVE-2020-18974	vulnerable	vulnerable	vulnerable	vulnerable	Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers ...
CVE-2019-20352	vulnerable	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occ ...
CVE-2019-20334	vulnerable	vulnerable	vulnerable	vulnerable	In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# ...
CVE-2019-14248	vulnerable	fixed	fixed	fixed	In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows ...
CVE-2019-8343	vulnerable	vulnerable	vulnerable	vulnerable	In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in past ...
CVE-2019-6291	vulnerable	vulnerable	vulnerable	vulnerable	An issue was discovered in the function expr6 in eval.c in Netwide Ass ...
CVE-2019-6290	vulnerable	vulnerable	vulnerable	vulnerable	An infinite recursion issue was discovered in eval.c in Netwide Assemb ...
CVE-2018-1000886	vulnerable	vulnerable	vulnerable	vulnerable	nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability ...
CVE-2018-20538	vulnerable	vulnerable	vulnerable	vulnerable	There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...
CVE-2018-20535	vulnerable	fixed	fixed	fixed	There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...
CVE-2018-19755	vulnerable	fixed	fixed	fixed	There is an illegal address access at asm/preproc.c (function: is_mmac ...
CVE-2018-19213	vulnerable	vulnerable	vulnerable	vulnerable	Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may le ...

Resolved issues

Bug	Description
CVE-2019-7147	A buffer over-read exists in the function crc64ib in crc64.c in nasmli ...
CVE-2018-1000667	NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains ...
CVE-2018-19216	Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoke ...
CVE-2018-19215	Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...
CVE-2018-19214	Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in ...
CVE-2018-19209	Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in th ...
CVE-2018-16999	Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segment ...
CVE-2018-16517	asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dere ...
CVE-2018-16382	Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regfla ...
CVE-2018-10316	Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the asse ...
CVE-2018-10254	Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in th ...
CVE-2018-10016	Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability ...
CVE-2018-8883	Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the pars ...
CVE-2018-8882	Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-rea ...
CVE-2018-8881	Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read ...
CVE-2017-17820	In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_l ...
CVE-2017-17819	In Netwide Assembler (NASM) 2.14rc0, there is an illegal address acces ...
CVE-2017-17818	In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over ...
CVE-2017-17817	In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_v ...
CVE-2017-17816	In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_g ...
CVE-2017-17815	In Netwide Assembler (NASM) 2.14rc0, there is an illegal address acces ...
CVE-2017-17814	In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_d ...
CVE-2017-17813	In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the ...
CVE-2017-17812	In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over ...
CVE-2017-17811	In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over ...
CVE-2017-17810	In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown addre ...
CVE-2017-14228	In Netwide Assembler (NASM) 2.14rc0, there is an illegal address acces ...
CVE-2017-11111	In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers ...
CVE-2017-10686	In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after ...
CVE-2008-7177	Buffer overflow in the listing module in Netwide Assembler (NASM) befo ...
CVE-2008-2719	Off-by-one error in the ppscan function (preproc.c) in Netwide Assembl ...
CVE-2005-1194	Stack-based buffer overflow in the ieee_putascii function for nasm 0.9 ...
CVE-2004-1287	Buffer overflow in the error function in preproc.c for NASM 0.98.38 1. ...

Security announcements

DSA / DLA	Description
DLA-1041-1	nasm - security update
DSA-623-1	nasm - buffer overflow