NASM Netwide Assembler Null Pointer Dereference Vulnerability in Version 2.17rc0

Vulnerability

A null pointer dereference vulnerability has been identified in NASM (Netwide Assembler) version 2.17rc0. The issue arises in the 'parse_smacro_template' function in 'preproc.c', specifically at line 3054. A malformed macro template definition containing an invalid radix specifier or another syntax error corrupts the parsing state; the parser then dereferences a null or otherwise invalid pointer, reads from an address in the zero page, and crashes with a segmentation fault. The vulnerability can only be exploited locally, by assembling a crafted input file.
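
To make the bug class concrete, here is an added example that is not NASM's code and does not reproduce the logic of parse_smacro_template: a toy macro-template parser with a constructed syntax ("name=<digits><radix letter>", comma separated, e.g. "count=10d,mask=ffh"). Its value parser rejects an invalid radix specifier, the template parser stops at the first error instead of continuing with a poisoned state, and the current-parameter pointer is checked before use, which is the guard a crash of the kind described above is missing. All names and the syntax are assumptions made for this example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>

/* Hypothetical model of the bug class; not NASM's parse_smacro_template. */
#define MAX_PARAMS 8

typedef struct {
    char name[32];
    int  radix;      /* 2, 8, 10 or 16 */
    long defval;
} param_t;

typedef struct {
    param_t  params[MAX_PARAMS];
    int      nparams;
    param_t *cur;    /* parameter being filled; NULL once parsing has failed */
    int      error;  /* nonzero once any element has been rejected */
} tmpl_state;

/* Map a trailing radix letter to a base; 0 means the specifier is invalid. */
static int radix_of(char c) {
    switch (c) {
    case 'b': case 'B': return 2;
    case 'o': case 'O': case 'q': case 'Q': return 8;
    case 'd': case 'D': return 10;
    case 'h': case 'H': return 16;
    default: return 0;
    }
}

/* Reserve a slot for a new parameter; NULL when the table is full or the name is bad. */
static param_t *begin_param(tmpl_state *st, const char *name, size_t len) {
    if (st->nparams >= MAX_PARAMS || len == 0 || len >= sizeof st->params[0].name)
        return NULL;
    param_t *p = &st->params[st->nparams++];
    memcpy(p->name, name, len);
    p->name[len] = '\0';
    p->radix = 0;
    p->defval = 0;
    return p;
}

/* Parse one "<digits><radix>" default into st->cur. The st->cur NULL check is
 * the guard that a parser which records an error but keeps consuming tokens
 * lacks: it would reach this point with no current parameter and read through
 * a null pointer. */
static int parse_default(tmpl_state *st, const char *tok, size_t len) {
    if (st->cur == NULL || len < 2)
        return -1;
    int base = radix_of(tok[len - 1]);
    if (base == 0)
        return -1;                          /* invalid radix specifier */
    char digits[32];
    if (len - 1 >= sizeof digits)
        return -1;
    memcpy(digits, tok, len - 1);
    digits[len - 1] = '\0';
    char *end;
    errno = 0;
    long v = strtol(digits, &end, base);
    if (errno != 0 || end == digits || *end != '\0')
        return -1;                          /* empty, overflow, or non-digit for this base */
    st->cur->radix = base;
    st->cur->defval = v;
    return 0;
}

/* Parse a whole template. Returns 0 on success, -1 at the first malformed
 * element; parsing stops there rather than continuing with a poisoned state. */
static int parse_template(const char *spec, tmpl_state *st) {
    memset(st, 0, sizeof *st);
    const char *p = spec;
    while (*p) {
        const char *eq = strchr(p, '=');
        const char *comma = strchr(p, ',');
        const char *end = comma ? comma : p + strlen(p);
        if (eq == NULL || eq > end) { st->error = 1; return -1; }
        st->cur = begin_param(st, p, (size_t)(eq - p));
        if (st->cur == NULL || parse_default(st, eq + 1, (size_t)(end - eq - 1)) != 0) {
            st->cur = NULL;
            st->error = 1;
            return -1;                      /* fail fast: st->cur is never touched again */
        }
        p = comma ? comma + 1 : end;
    }
    return 0;
}

/* Look up a parsed default by name; -1 when the name is absent. */
static long default_of(const tmpl_state *st, const char *name) {
    for (int i = 0; i < st->nparams; i++)
        if (strcmp(st->params[i].name, name) == 0)
            return st->params[i].defval;
    return -1;
}

/* Plain-value wrappers so results can be checked without handling the struct. */
static int parse_status(const char *spec) {
    tmpl_state st;
    return parse_template(spec, &st);
}

static long parse_and_lookup(const char *spec, const char *name) {
    tmpl_state st;
    if (parse_template(spec, &st) != 0)
        return -2;                          /* parse error, distinct from "absent" */
    return default_of(&st, name);
}

int main(void) {
    printf("mask  = %ld\n", parse_and_lookup("count=10d,mask=ffh", "mask"));
    printf("bad   = %d\n", parse_status("count=10z"));   /* rejected, no crash */
    return 0;
}
```

The structural point is in parse_template: the moment an element is rejected, `st->cur` is cleared and the function returns, so no later code path can reach `st->cur->...` with a null pointer. A fuzz target built around parse_template under AddressSanitizer would report the malformed specifier as a clean parse failure rather than a SEGV.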

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the NASM program.

Reproduction

The vulnerability can be reproduced by compiling NASM with AddressSanitizer enabled and then running the resulting binary on the specific malformed assembly file that triggers the null pointer dereference. This file can be downloaded from Google Drive.

Added: Aug 11, 2025, 12:19 PM
Updated: Aug 11, 2025, 1:36 PM

Vulnerability Rating

Custom Algorithm

spread:         2.4
impact:         2.5
exploitability: 6.0
remediation:    6.0
relevance:      0.3
threat:         6.4
urgency:        2.9
incentive:      0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.