Situlingyun

Name of the Vulnerable Software and Affected Versions: nasm versions 2.14.01rc5 through 2.15 Description: The issue is related to a Buffer Overflow in the `asm/stdscan.c` file at line 130, which can cause a stack-overflow due to endless macro generation when triggered by a crafted nasm input file, leading to a program crash. Recommendations: For nasm versions 2.14.01rc5 through 2.15, consider disabling the macro generation feature as a temporary workaround until a patch is available. Restrict access to the `asm/stdscan.c` file to minimize the risk of exploitation. Avoid using crafted nasm input files that can trigger the endless macro generation.

**Name of the Vulnerable Software and Affected Versions** NASM versions 2.14rc15 and earlier **Description** The issue is related to a memory corruption that occurs when handling a crafted file, specifically due to the function `assemble file(inname, depend ptr)` at `asm/nasm.c:482`. This can result in the NASM program crashing. The attack appears to be exploitable via a specially crafted asm file. **Recommendations** For NASM versions 2.14rc15 and earlier, consider avoiding the use of the `assemble file(inname, depend ptr)` function until a patch is available. As a temporary workaround, restrict the handling of crafted asm files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.