UBUNTU-CVE-2017-14228

In Netwide Assembler NASM 2.14rc0, there is an illegal address access in the function pastetokens in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service...

[SECURITY] Fedora 25 Update: nasm-2.13.01-3.fc25

NASM is the Netwide Assembler, a free portable assembler for the Intel 80x86 microprocessor series, using primarily the traditional Intel instruction mnemonics and syntax...

[SECURITY] Fedora 26 Update: nasm-2.13.01-3.fc26

NASM is the Netwide Assembler, a free portable assembler for the Intel 80x86 microprocessor series, using primarily the traditional Intel instruction mnemonics and syntax...

[SECURITY] [DLA 1041-1] nasm security update

Package : nasm Version : 2.10.01-1+deb7u1 CVE ID : CVE-2017-10686 CVE-2017-11111 CVE-2017-10686 In Netwide Assembler NASM 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token function and freed in the detoken function called ...

CVE-2017-11111

In Netwide Assembler NASM 2.14rc0, preproc.c allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted file...

Heap overflow

In Netwide Assembler NASM 2.14rc0, preproc.c allows remote attackers to cause a denial of service heap-based buffer overflow and application crash or possibly have unspecified other impact via a crafted file...

CVE-2017-11111

NASM 2.14rc0 is affected. The root cause is in asm/preproc.c where a strcpy in paste_tokens leads to a heap-based buffer overflow, enabling remote denial of service (and potentially other impact) when processing crafted input. Related CVEs note a similar heap-based overflow and DoS. Mitigation in...

Netwide Assembler (NASM) Memory Misreference Vulnerability

Netwide Assembler NASM is a Linux-based assembler that creates binaries and writes bootloaders. tool nasm is a user tool for NASM. A memory misreference vulnerability exists in tool nasm in NASM version 2.14rc0. A remote attacker could exploit this vulnerability to potentially execute code...

DEBIAN-CVE-2017-10686

In Netwide Assembler NASM 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token function and freed in the detoken function called by ppgetline - it is used again at multiple positions later that could cause multiple damages. F...

Double free

In Netwide Assembler NASM 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token function and freed in the detoken function called by ppgetline - it is used again at multiple positions later that could cause multiple damages. F...

UBUNTU-CVE-2017-10686

In Netwide Assembler NASM 2.14rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token function and freed in the detoken function called by ppgetline - it is used again at multiple positions later that could cause multiple damages. F...

Flat Assembler 1.7.21 - Local Buffer Overflow

Flat Assembler 1.7.21 - Local Buffer Overflow !/usr/bin/python Developed using Exploit Pack - http://exploitpack.com - Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Tested on: GNU/Linux - Kali 2017.1 Release What is FASM? Flat assembler is a fast, self-compilable assembly langua...

Flat Assembler 1.7.21 - Local Buffer Overflow

!/usr/bin/python Developed using Exploit Pack - http://exploitpack.com - Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Tested on: GNU/Linux - Kali 2017.1 Release What is FASM? Flat assembler is a fast, self-compilable assembly language compiler for the x86 and x86-64 architectur...

Out-of-bounds

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service bitfield out-of-bounds read and application crash via crafted JavaScript code that is mishandled in the operatorString function, related to...

CVE-2016-10226

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service bitfield out-of-bounds read and application crash via crafted JavaScript code that is mishandled in the operatorString function, related to...

CVE-2016-10226

Removed by vendor...

CVE-2017-7223

GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow of size 1 while attempting to unget an EOF character from the input stream, potentially leading to a program crash...

DEBIAN-CVE-2017-7223

GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow of size 1 while attempting to unget an EOF character from the input stream, potentially leading to a program crash...

UBUNTU-CVE-2017-7223

GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow of size 1 while attempting to unget an EOF character from the input stream, potentially leading to a program crash...

Buffer overflow

GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow of size 1 while attempting to unget an EOF character from the input stream, potentially leading to a program crash...