Information on source package nasm

Available versions

Release	Version
stretch	2.12.01-1
buster	2.14-1
bullseye	2.15.05-1
bookworm	2.15.05-1
sid	2.15.05-1

Open issues

Bug	stretch	buster	bullseye	bookworm	sid	Description
CVE-2020-24978	vulnerable (no DSA)	vulnerable (no DSA)	fixed	fixed	fixed	In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline ...
CVE-2018-19216	vulnerable (no DSA)	fixed	fixed	fixed	fixed	Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoke ...
CVE-2018-10254	vulnerable (no DSA)	fixed	fixed	fixed	fixed	Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in th ...
CVE-2018-10016	vulnerable (no DSA)	fixed	fixed	fixed	fixed	Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability ...
CVE-2018-8883	vulnerable (no DSA)	fixed	fixed	fixed	fixed	Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the pars ...
CVE-2018-8882	vulnerable (no DSA)	fixed	fixed	fixed	fixed	Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-rea ...
CVE-2018-8881	vulnerable (no DSA)	fixed	fixed	fixed	fixed	Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read ...
CVE-2017-17820	vulnerable (no DSA)	fixed	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_l ...
CVE-2017-17819	vulnerable (no DSA)	fixed	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.14rc0, there is an illegal address acces ...
CVE-2017-17818	vulnerable (no DSA)	fixed	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over ...
CVE-2017-17817	vulnerable (no DSA)	fixed	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_v ...
CVE-2017-17816	vulnerable (no DSA)	fixed	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in pp_g ...
CVE-2017-17815	vulnerable (no DSA)	fixed	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.14rc0, there is an illegal address acces ...
CVE-2017-17814	vulnerable (no DSA)	fixed	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in do_d ...
CVE-2017-17813	vulnerable (no DSA)	fixed	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the ...
CVE-2017-17812	vulnerable (no DSA)	fixed	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over ...
CVE-2017-17811	vulnerable (no DSA)	fixed	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over ...
CVE-2017-17810	vulnerable (no DSA)	fixed	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown addre ...
CVE-2017-11111	vulnerable (no DSA)	fixed	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers ...
CVE-2017-10686	vulnerable (no DSA)	fixed	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after ...

Open unimportant issues

Bug	stretch	buster	bullseye	bookworm	sid	Description
CVE-2020-24242	vulnerable	vulnerable	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_tex ...
CVE-2020-24241	vulnerable	vulnerable	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in ...
CVE-2020-18974	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers ...
CVE-2019-20352	vulnerable	vulnerable	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occ ...
CVE-2019-20334	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# ...
CVE-2019-14248	vulnerable	vulnerable	fixed	fixed	fixed	In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows ...
CVE-2019-8343	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in past ...
CVE-2019-6291	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	An issue was discovered in the function expr6 in eval.c in Netwide Ass ...
CVE-2019-6290	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	An infinite recursion issue was discovered in eval.c in Netwide Assemb ...
CVE-2018-1000886	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	nasm version 2.14.01rc5, 2.15 contains a Buffer Overflow vulnerability ...
CVE-2018-1000667	vulnerable	fixed	fixed	fixed	fixed	NASM nasm-2.13.03 nasm- 2.14rc15 version 2.14rc15 and earlier contains ...
CVE-2018-20538	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...
CVE-2018-20535	vulnerable	vulnerable	fixed	fixed	fixed	There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...
CVE-2018-19755	vulnerable	vulnerable	fixed	fixed	fixed	There is an illegal address access at asm/preproc.c (function: is_mmac ...
CVE-2018-19215	vulnerable	fixed	fixed	fixed	fixed	Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...
CVE-2018-19214	vulnerable	fixed	fixed	fixed	fixed	Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in ...
CVE-2018-19213	vulnerable	vulnerable	vulnerable	vulnerable	vulnerable	Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may le ...
CVE-2018-19209	vulnerable	fixed	fixed	fixed	fixed	Netwide Assembler (NASM) 2.14rc15 has a NULL pointer dereference in th ...
CVE-2018-16999	vulnerable	fixed	fixed	fixed	fixed	Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segment ...
CVE-2018-16517	vulnerable	fixed	fixed	fixed	fixed	asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dere ...
CVE-2018-16382	vulnerable	fixed	fixed	fixed	fixed	Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regfla ...
CVE-2018-10316	vulnerable	fixed	fixed	fixed	fixed	Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the asse ...
CVE-2017-14228	vulnerable	fixed	fixed	fixed	fixed	In Netwide Assembler (NASM) 2.14rc0, there is an illegal address acces ...

Resolved issues

Bug	Description
CVE-2019-7147	A buffer over-read exists in the function crc64ib in crc64.c in nasmli ...
CVE-2008-7177	Buffer overflow in the listing module in Netwide Assembler (NASM) befo ...
CVE-2008-2719	Off-by-one error in the ppscan function (preproc.c) in Netwide Assembl ...
CVE-2005-1194	Stack-based buffer overflow in the ieee_putascii function for nasm 0.9 ...
CVE-2004-1287	Buffer overflow in the error function in preproc.c for NASM 0.98.38 1. ...

Security announcements

DSA / DLA	Description
DLA-1041-1	nasm - security update
DSA-623-1	nasm - buffer overflow