Lookup for vulnerable packages by Package URL.

Purl pkg:nuget/nasm@2.14.0
Type nuget
Namespace
Name nasm
Version 2.14.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-11p2-zbuv-13gy
vulnerability_id VCID-11p2-zbuv-13gy
summary
Improper Restriction of Operations within the Bounds of a Memory Buffer
In Netwide Assembler (NASM) rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17811.json
reference_id
reference_type
scores
0
value 4.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17811.json
1
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392432
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392432
2
reference_url https://usn.ubuntu.com/3694-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3694-1/
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1529317
reference_id 1529317
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1529317
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17811
reference_id CVE-2017-17811
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-17811
fixed_packages
aliases CVE-2017-17811
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-11p2-zbuv-13gy
1
url VCID-2m25-r9n5-e3cx
vulnerability_id VCID-2m25-r9n5-e3cx
summary
Improper Input Validation
In Netwide Assembler (NASM) rc0, there is a "SEGV on unknown address" that will cause a remote denial of service attack, because asm/preproc.c mishandles macro calls that have the wrong number of arguments.
references
0
reference_url http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4
reference_id
reference_type
scores
url http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17810.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17810.json
2
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392431
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392431
3
reference_url https://usn.ubuntu.com/3694-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3694-1/
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1529312
reference_id 1529312
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1529312
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17810
reference_id CVE-2017-17810
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-17810
fixed_packages
aliases CVE-2017-17810
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2m25-r9n5-e3cx
2
url VCID-4d33-n3b8-syc5
vulnerability_id VCID-4d33-n3b8-syc5
summary
Improper Check for Unusual or Exceptional Conditions
In Netwide Assembler (NASM) rc0, there is an illegal address access in is_mmacro() in asm/preproc.c that will cause a remote denial of service attack, because of a missing check for the relationship between minimum and maximum parameter counts.
references
0
reference_url http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3
reference_id
reference_type
scores
url http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17815.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17815.json
2
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392436
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392436
3
reference_url https://usn.ubuntu.com/3694-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3694-1/
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1529328
reference_id 1529328
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1529328
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17815
reference_id CVE-2017-17815
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-17815
fixed_packages
aliases CVE-2017-17815
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4d33-n3b8-syc5
3
url VCID-88sf-35rq-zkav
vulnerability_id VCID-88sf-35rq-zkav
summary
NULL Pointer Dereference
In libnasm.a in Netwide Assembler (NASM), asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14248.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14248.json
1
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392576
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392576
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1732714
reference_id 1732714
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1732714
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932907
reference_id 932907
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932907
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14248
reference_id CVE-2019-14248
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-14248
fixed_packages
aliases CVE-2019-14248
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-88sf-35rq-zkav
4
url VCID-agk3-q1p7-bkb7
vulnerability_id VCID-agk3-q1p7-bkb7
summary
Out-of-bounds Read
A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7147.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7147.json
1
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392544
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392544
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1670704
reference_id 1670704
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1670704
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-7147
reference_id CVE-2019-7147
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-7147
fixed_packages
aliases CVE-2019-7147
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-agk3-q1p7-bkb7
5
url VCID-c3x9-gwbv-7keh
vulnerability_id VCID-c3x9-gwbv-7keh
summary
Divide By Zero
Netwide Assembler (NASM) rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10016.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10016.json
3
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392473
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392473
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1567719
reference_id 1567719
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1567719
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895408
reference_id 895408
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895408
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-10016
reference_id CVE-2018-10016
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-10016
fixed_packages
aliases CVE-2018-10016
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c3x9-gwbv-7keh
6
url VCID-drn8-b7p7-tqc8
vulnerability_id VCID-drn8-b7p7-tqc8
summary
NULL Pointer Dereference
In Netwide Assembler (NASM) rc0, there is an illegal address access in the function paste_tokens() in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service.
references
0
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392423
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392423
1
reference_url https://security.gentoo.org/glsa/201903-19
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201903-19
2
reference_url https://usn.ubuntu.com/3694-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3694-1/
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874731
reference_id 874731
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874731
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-14228
reference_id CVE-2017-14228
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-14228
fixed_packages
aliases CVE-2017-14228
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-drn8-b7p7-tqc8
7
url VCID-dtyu-u8sc-q7a4
vulnerability_id VCID-dtyu-u8sc-q7a4
summary
Use After Free
In Netwide Assembler (NASM) rc0, there are multiple heap use after free vulnerabilities in the tool nasm. The related heap is allocated in the token() function and freed in the detoken() function (called by pp_getline()) - it is used again at multiple positions later that could cause multiple damages. For example, it causes a corrupted double-linked list in detoken(), a double free or corruption in delete_Token(), and an out-of-bounds write in detoken(). It has a high possibility to lead to a remote code execution attack.
references
0
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392414
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392414
1
reference_url https://security.gentoo.org/glsa/201903-19
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201903-19
2
reference_url https://usn.ubuntu.com/3694-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3694-1/
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867988
reference_id 867988
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867988
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-10686
reference_id CVE-2017-10686
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-10686
fixed_packages
aliases CVE-2017-10686
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dtyu-u8sc-q7a4
8
url VCID-eznc-tbwf-zyh8
vulnerability_id VCID-eznc-tbwf-zyh8
summary
Improper Restriction of Operations within the Bounds of a Memory Buffer
NASM nasm-2.13.03 nasm- rc15 rc15 contains a memory corruption (crash) of nasm when handling a crafted file, in function assemble_file(inname, depend_ptr) at asm/nasm.c:482, that can result in aborting/crashing the nasm program. This attack appears to be exploitable via a specially crafted asm file.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000667.json
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000667.json
3
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392507
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392507
4
reference_url https://github.com/cyrillos/nasm/issues/3
reference_id
reference_type
scores
url https://github.com/cyrillos/nasm/issues/3
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1626256
reference_id 1626256
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1626256
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000667
reference_id CVE-2018-1000667
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000667
fixed_packages
aliases CVE-2018-1000667
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eznc-tbwf-zyh8
9
url VCID-hntb-je1p-v3dj
vulnerability_id VCID-hntb-je1p-v3dj
summary
Out-of-bounds Read
In Netwide Assembler (NASM) rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in paste_tokens in asm/preproc.c.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17818.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17818.json
1
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392428
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392428
2
reference_url https://usn.ubuntu.com/3694-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3694-1/
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1529332
reference_id 1529332
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1529332
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17818
reference_id CVE-2017-17818
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-17818
fixed_packages
aliases CVE-2017-17818
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hntb-je1p-v3dj
10
url VCID-m35n-kbax-yuds
vulnerability_id VCID-m35n-kbax-yuds
summary
Use After Free
In Netwide Assembler (NASM) rc0, there is a use-after-free in pp_getline in asm/preproc.c that will cause a remote denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17816.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17816.json
1
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392426
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392426
2
reference_url https://usn.ubuntu.com/3694-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3694-1/
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1529330
reference_id 1529330
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1529330
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17816
reference_id CVE-2017-17816
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-17816
fixed_packages
aliases CVE-2017-17816
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m35n-kbax-yuds
11
url VCID-m8kc-xzgu-fyfh
vulnerability_id VCID-m8kc-xzgu-fyfh
summary
Integer Overflow or Wraparound
Netwide Assembler (NASM) rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10316.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10316.json
3
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392474
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392474
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1573298
reference_id 1573298
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1573298
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-10316
reference_id CVE-2018-10316
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-10316
fixed_packages
aliases CVE-2018-10316
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m8kc-xzgu-fyfh
12
url VCID-mbcq-hctd-zye9
vulnerability_id VCID-mbcq-hctd-zye9
summary
Use After Free
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) rc16 that will cause a denial of service during a line-number increment attempt.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20535.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20535.json
1
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392530
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392530
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1663907
reference_id 1663907
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1663907
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918270
reference_id 918270
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918270
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20535
reference_id CVE-2018-20535
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-20535
fixed_packages
aliases CVE-2018-20535
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbcq-hctd-zye9
13
url VCID-mc7p-6e6r-eqdm
vulnerability_id VCID-mc7p-6e6r-eqdm
summary
Use After Free
In Netwide Assembler (NASM) rc0, there is a use-after-free in the pp_list_one_macro function in asm/preproc.c that will cause a remote denial of service attack, related to mishandling of line-syntax errors.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17813.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17813.json
1
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392429
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392429
2
reference_url https://usn.ubuntu.com/3694-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3694-1/
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1529326
reference_id 1529326
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1529326
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17813
reference_id CVE-2017-17813
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-17813
fixed_packages
aliases CVE-2017-17813
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mc7p-6e6r-eqdm
14
url VCID-ptzu-snj4-gfc2
vulnerability_id VCID-ptzu-snj4-gfc2
summary
Out-of-bounds Read
In Netwide Assembler (NASM) rc0, there is a heap-based buffer over-read in the function detoken() in asm/preproc.c that will cause a remote denial of service attack.
references
0
reference_url http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9
reference_id
reference_type
scores
url http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17812.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17812.json
2
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392424
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392424
3
reference_url https://usn.ubuntu.com/3694-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3694-1/
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1529319
reference_id 1529319
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1529319
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17812
reference_id CVE-2017-17812
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-17812
fixed_packages
aliases CVE-2017-17812
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ptzu-snj4-gfc2
15
url VCID-qg3e-7rn4-mueu
vulnerability_id VCID-qg3e-7rn4-mueu
summary asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
2
reference_url http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16517.json
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16517.json
4
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392513
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392513
5
reference_url https://www.exploit-db.com/exploits/46726/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46726/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1626549
reference_id 1626549
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1626549
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16517
reference_id CVE-2018-16517
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-16517
8
reference_url https://fakhrizulkifli.github.io/CVE-2018-16517.html
reference_id CVE-2018-16517.HTML
reference_type
scores
url https://fakhrizulkifli.github.io/CVE-2018-16517.html
fixed_packages
aliases CVE-2018-16517
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qg3e-7rn4-mueu
16
url VCID-qwcx-98py-6qg5
vulnerability_id VCID-qwcx-98py-6qg5
summary
Use After Free
There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) rc16 that will cause a denial of service during certain finishes tests.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20538.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20538.json
1
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392531
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392531
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1663908
reference_id 1663908
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1663908
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918269
reference_id 918269
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918269
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-20538
reference_id CVE-2018-20538
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-20538
fixed_packages
aliases CVE-2018-20538
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qwcx-98py-6qg5
17
url VCID-r4af-f3yb-6yb7
vulnerability_id VCID-r4af-f3yb-6yb7
summary
Improper Restriction of Operations within the Bounds of a Memory Buffer
In Netwide Assembler (NASM) rc0, preproc.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file.
references
0
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392415
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392415
1
reference_url https://security.gentoo.org/glsa/201903-19
reference_id
reference_type
scores
url https://security.gentoo.org/glsa/201903-19
2
reference_url https://usn.ubuntu.com/3694-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3694-1/
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867988
reference_id 867988
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867988
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-11111
reference_id CVE-2017-11111
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-11111
fixed_packages
aliases CVE-2017-11111
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4af-f3yb-6yb7
18
url VCID-tsab-bkcw-j3gy
vulnerability_id VCID-tsab-bkcw-j3gy
summary
Out-of-bounds Read
Netwide Assembler (NASM) rc15 has a buffer over-read in x86/regflags.c.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16382.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16382.json
3
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392503
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392503
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1625037
reference_id 1625037
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1625037
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907866
reference_id 907866
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907866
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-16382
reference_id CVE-2018-16382
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-16382
fixed_packages
aliases CVE-2018-16382
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tsab-bkcw-j3gy
19
url VCID-tvtj-uyfs-5kdn
vulnerability_id VCID-tvtj-uyfs-5kdn
summary
Use After Free
In Netwide Assembler (NASM) rc0, there is a use-after-free in do_directive in asm/preproc.c that will cause a remote denial of service attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17814.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17814.json
1
reference_url https://bugzilla.nasm.us/show_bug.cgi?id=3392430
reference_id
reference_type
scores
url https://bugzilla.nasm.us/show_bug.cgi?id=3392430
2
reference_url https://usn.ubuntu.com/3694-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3694-1/
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1529327
reference_id 1529327
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1529327
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-17814
reference_id CVE-2017-17814
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-17814
fixed_packages
aliases CVE-2017-17814
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tvtj-uyfs-5kdn
20
url VCID-xzcj-np5b-67d7
vulnerability_id VCID-xzcj-np5b-67d7
summary
NULL Pointer Dereference
Netwide Assembler (NASM) rc15 has a NULL pointer dereference in the function find_label in asm/labels.c that will lead to a DoS attack.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19209.json
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19209.json
1
reference_url https://bugzilla.suse.com/show_bug.cgi?id=1115797
reference_id
reference_type
scores
url https://bugzilla.suse.com/show_bug.cgi?id=1115797
2
reference_url https://repo.or.cz/nasm.git/commitdiff/e996d28c70d45008085322b442b44a9224308548
reference_id
reference_type
scores
url https://repo.or.cz/nasm.git/commitdiff/e996d28c70d45008085322b442b44a9224308548
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1652027
reference_id 1652027
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1652027
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-19209
reference_id CVE-2018-19209
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-19209
fixed_packages
aliases CVE-2018-19209
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xzcj-np5b-67d7
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:nuget/nasm@2.14.0