本ページは nasm netwide_assembler に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-6069 | NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity. | [email protected] | 7.5 | 0.05% | 2026-04-10 | 2026-04-16 |
| CVE-2026-6068 | NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or remote code execution. | [email protected] | 9.6 | 0.03% | 2026-04-10 | 2026-05-26 |
| CVE-2026-6067 | A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution. | [email protected] | 5.5 | 0.04% | 2026-04-10 | 2026-04-23 |
| CVE-2025-8846 | A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.05% | 2025-08-11 | 2026-04-29 |
| CVE-2025-8845 | A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.05% | 2025-08-11 | 2026-04-29 |
| CVE-2025-8844 | A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.12% | 2025-08-11 | 2026-04-29 |
| CVE-2025-8843 | A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.17% | 2025-08-11 | 2026-04-29 |
| CVE-2025-8842 | A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.05% | 2025-08-11 | 2026-04-29 |
| CVE-2023-38668 | Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash). | [email protected] | 5.5 | 0.03% | 2023-08-22 | 2024-11-21 |
| CVE-2023-38667 | Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service. | [email protected] | 5.5 | 0.03% | 2023-08-22 | 2024-11-21 |
| CVE-2023-38665 | Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash). | [email protected] | 5.5 | 0.04% | 2023-08-22 | 2024-11-21 |
| CVE-2022-29654 | Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file. | [email protected] | 5.5 | 0.03% | 2023-08-22 | 2024-11-21 |
| CVE-2020-21687 | Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. | [email protected] | 5.5 | 0.48% | 2023-08-22 | 2024-11-21 |
| CVE-2020-21686 | A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file. | [email protected] | 5.5 | 0.18% | 2023-08-22 | 2024-11-21 |
| CVE-2020-21685 | Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. | [email protected] | 5.5 | 0.45% | 2023-08-22 | 2024-11-21 |
| CVE-2020-21528 | A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file. | [email protected] | 5.5 | 0.48% | 2023-08-22 | 2024-11-21 |
| CVE-2020-18780 | A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command. | [email protected] | 5.5 | 0.03% | 2023-08-22 | 2024-11-21 |
| CVE-2023-31722 | There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891). | [email protected] | 7.8 | 0.13% | 2023-05-17 | 2025-01-22 |
| CVE-2022-44370 | NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856 | [email protected] | 7.8 | 0.05% | 2023-03-29 | 2024-11-21 |
| CVE-2022-44369 | NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c. | [email protected] | 5.5 | 0.06% | 2023-03-29 | 2025-02-18 |