"Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string."

* Fixed upstream: http://repo.or.cz/nasm.git/commit/3144e84add8b152cc7a71e44617ce6f21daa4ba3
* Upstream bug report: https://bugzilla.nasm.us/show_bug.cgi?id=3392446

Looks like currently stable dev-lang/nasm-2.13.01 is vulnerable. I have not checked other stable versions.

--
Gentoo Security Scout
Vladimir Krstulja

nasm $ git tag --contains=3144e84add8b152cc7a71e44617ce6f21daa4ba3 | fgrep -v rc
nasm-2.13.02
nasm-2.13.03
nasm-2.14
nasm-2.14.01
nasm-2.14.02

This issue was resolved and addressed in GLSA 201903-19 at https://security.gentoo.org/glsa/201903-19 by GLSA coordinator Aaron Bauman (b-man).