CVE-2020-18974: Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147. Upstream issue is currently untouched.
CVE-2021-45256 (https://bugzilla.nasm.us/show_bug.cgi?id=3392789): A Null Pointer Dereference vulnerability exists in nasm 2.16rc0 via asm/preproc.c. CVE-2021-45257 (https://bugzilla.nasm.us/show_bug.cgi?id=3392790): An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function. Can't tell if there's been any action taken upstream as their Bugzilla seems to be down.
CVE-2021-33450 (https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d): https://bugzilla.nasm.us/show_bug.cgi?id=3392758 An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c. CVE-2021-33452 (https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d): https://bugzilla.nasm.us/show_bug.cgi?id=3392757 An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.
CVE-2022-41420 (https://bugzilla.nasm.us/show_bug.cgi?id=3392810): nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component.
CVE-2022-46456 (https://bugzilla.nasm.us/show_bug.cgi?id=3392814): NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c. CVE-2022-46457 (https://bugzilla.nasm.us/show_bug.cgi?id=3392809): NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c. The first one is untouched by upstream, the second was closed without any comment.
CVE-2022-44368 (https://bugzilla.nasm.us/show_bug.cgi?id=3392820): NASM v2.16 was discovered to contain a null pointer dereference in the NASM component. CVE-2022-44369 (https://bugzilla.nasm.us/show_bug.cgi?id=3392819): NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.
CVE-2023-31722 (https://bugzilla.nasm.us/show_bug.cgi?id=3392857#c1): There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).
CVE-2022-29654 (https://www.nasm.us/pub/nasm/releasebuilds/2.15.05/): https://gist.github.com/naihsin/b96e2c5c2c81621b46557fd7aacd165f Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file. No upstream report? A comment on the referenced gist claims this is a duplicate of CVE-2022-44370. CVE-2023-38668 (https://bugzilla.nasm.us/show_bug.cgi?id=3392811): Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash). CVE-2023-38667 (https://bugzilla.nasm.us/show_bug.cgi?id=3392812): Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service. These are untouched by upstream. CVE-2023-38665 (https://bugzilla.nasm.us/show_bug.cgi?id=3392818): Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash). This one has been closed without comment.