"Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string."
* Fixed upstream:
* Upstream bug report:
Looks like currently stable dev-lang/nasm-2.13.01 is vulnerable. I have not checked other stable versions.
Gentoo Security Scout
nasm $ git tag --contains=3144e84add8b152cc7a71e44617ce6f21daa4ba3 | fgrep -v rc
This issue was resolved and addressed in
GLSA 201903-19 at https://security.gentoo.org/glsa/201903-19
by GLSA coordinator Aaron Bauman (b-man).