{"id":"CVE-2018-16517","details":"asm/labels.c in Netwide Assembler (NASM) is prone to NULL Pointer Dereference, which allows the attacker to cause a denial of service via a crafted file.","modified":"2026-04-11T12:07:37.517322Z","published":"2018-09-06T23:29:01.460Z","related":["MGASA-2020-0303","SUSE-SU-2020:1843-1","openSUSE-SU-2020:0952-1","openSUSE-SU-2020:0954-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc10:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.14.0-rc10"}]},{"cpe":"cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc11:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.14.0-rc11"}]},{"cpe":"cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc12:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.14.0-rc12"}]},{"cpe":"cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc13:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.14.0-rc13"}]},{"cpe":"cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc14:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.14.0-rc14"}]},{"cpe":"cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc1:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.14.0-rc1"}]},{"cpe":"cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc2:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.14.0-rc2"}]},{"cpe":"cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc3:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.14.0-rc3"}]},{"cpe":"cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc4:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.14.0-rc4"}]},{"cpe":"cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc5:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.14.0-rc5"}]},{"cpe":"cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc6:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.14.0-rc6"}]},{"cpe":"cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc7:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.14.0-rc7"}]},{"cpe":"cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc8:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.14.0-rc8"}]},{"cpe":"cpe:2.3:a:nasm:netwide_assembler:2.14.0:rc9:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"2.14.0-rc9"}]}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00015.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00017.html"},{"type":"REPORT","url":"https://bugzilla.nasm.us/show_bug.cgi?id=3392513"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/152566/Netwide-Assembler-NASM-2.14rc15-Null-Pointer-Dereference.html"},{"type":"EVIDENCE","url":"https://fakhrizulkifli.github.io/CVE-2018-16517.html"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/46726/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/netwide-assembler/nasm","events":[{"introduced":"0"},{"last_affected":"ef7d18bfbb899fe8e44f4fae8d6a12e2742f69f5"},{"last_affected":"ccd2d5c542c27c53f8dd547c817303845c7ca6dc"}],"database_specific":{"cpe":["cpe:2.3:a:nasm:netwide_assembler:*:*:*:*:*:*:*:*","cpe:2.3:a:nasm:netwide_assembler:2.14:rc15:*:*:*:*:*:*"],"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"2.13.03"},{"last_affected":"2.14-rc15"}]}}],"versions":["before-reformat-2005-01","fork-0.98-j","fork-0.98-j5","fork-0.98bf","fork-0.98e","nasm-0.91","nasm-0.93","nasm-0.94","nasm-0.95","nasm-0.96","nasm-0.97","nasm-0.98","nasm-0.98.03","nasm-0.98.08","nasm-0.98.09","nasm-0.98.11","nasm-0.98.12","nasm-0.98.14","nasm-0.98.15","nasm-0.98.16","nasm-0.98.17","nasm-0.98.18","nasm-0.98.19","nasm-0.98.20","nasm-0.98.21","nasm-0.98.22","nasm-0.98.23","nasm-0.98.24","nasm-0.98.25","nasm-0.98.25alt","nasm-0.98.26","nasm-0.98.30","nasm-0.98.31","nasm-0.98.32","nasm-0.98.33","nasm-0.98.34","nasm-0.98.35","nasm-0.98.36","nasm-0.98.37","nasm-0.98.38","nasm-0.98.39","nasm-0.98p3","nasm-0.98p3-hpa","nasm-0.98p3.2","nasm-0.98p3.3","nasm-0.98p3.4","nasm-0.98p3.5","nasm-0.98p3.6","nasm-0.98p3.7","nasm-0.98p6","nasm-0.98p7","nasm-0.99.01","nasm-0.99.02","nasm-0.99.05","nasm-0.99.06","nasm-2.00","nasm-2.00rc1","nasm-2.00rc3","nasm-2.01","nasm-2.01rc1","nasm-2.01rc2","nasm-2.02","nasm-2.02rc1","nasm-2.02rc2","nasm-2.03rc1","nasm-2.03rc2","nasm-2.03rc3","nasm-2.03rc5","nasm-2.03rc6","nasm-2.03rc7","nasm-2.03rc8","nasm-2.04","nasm-2.04rc1","nasm-2.04rc2","nasm-2.04rc3","nasm-2.04rc4","nasm-2.04rc5","nasm-2.04rc6","nasm-2.05","nasm-2.05rc1","nasm-2.05rc2","nasm-2.05rc3","nasm-2.05rc4","nasm-2.05rc5","nasm-2.05rc6","nasm-2.05rc7","nasm-2.05rc8","nasm-2.06","nasm-2.06.01rc1","nasm-2.06rc1","nasm-2.06rc10","nasm-2.06rc11","nasm-2.06rc12","nasm-2.06rc13","nasm-2.06rc14","nasm-2.06rc15","nasm-2.06rc16","nasm-2.06rc2","nasm-2.06rc3","nasm-2.06rc4","nasm-2.06rc5","nasm-2.06rc6","nasm-2.06rc7","nasm-2.06rc8","nasm-2.06rc9","nasm-2.07","nasm-2.07rc1","nasm-2.07rc2","nasm-2.07rc3","nasm-2.07rc4","nasm-2.07rc5","nasm-2.07rc6","nasm-2.07rc7","nasm-2.08","nasm-2.08rc1","nasm-2.08rc10","nasm-2.08rc2","nasm-2.08rc3","nasm-2.08rc4","nasm-2.08rc5","nasm-2.08rc6","nasm-2.08rc7","nasm-2.08rc8","nasm-2.08rc9","nasm-2.09","nasm-2.09rc1","nasm-2.09rc2","nasm-2.09rc4","nasm-2.09rc5","nasm-2.09rc6","nasm-2.09rc7","nasm-2.10","nasm-2.10.01","nasm-2.10.02","nasm-2.10.03","nasm-2.10.04","nasm-2.10.05","nasm-2.10.06","nasm-2.10.07","nasm-2.10.08","nasm-2.10.09","nasm-2.10rc1","nasm-2.10rc10","nasm-2.10rc11","nasm-2.10rc12","nasm-2.10rc13","nasm-2.10rc14","nasm-2.10rc15","nasm-2.10rc2","nasm-2.10rc3","nasm-2.10rc4","nasm-2.10rc5","nasm-2.10rc6","nasm-2.10rc7","nasm-2.10rc8","nasm-2.10rc9","nasm-2.11","nasm-2.11.01","nasm-2.11.02","nasm-2.11.03","nasm-2.11.06","nasm-2.11.07","nasm-2.11.08","nasm-2.11.09rc1","nasm-2.11.09rc2","nasm-2.11rc1","nasm-2.11rc2","nasm-2.11rc3","nasm-2.11rc4","nasm-2.12rc1","nasm-2.12rc2","nasm-2.12rc3","nasm-2.13","nasm-2.13.01","nasm-2.13.02","nasm-2.13.02rc1","nasm-2.13.02rc2","nasm-2.13.02rc3","nasm-2.13.03","nasm-2.13.03.rc2","nasm-2.13.03rc1","nasm-2.13.03rc3","nasm-2.13.03rc5","nasm-2.13.03rc6","nasm-2.13rc1","nasm-2.13rc10","nasm-2.13rc11","nasm-2.13rc12","nasm-2.13rc13","nasm-2.13rc14","nasm-2.13rc15","nasm-2.13rc16","nasm-2.13rc17","nasm-2.13rc18","nasm-2.13rc2","nasm-2.13rc21","nasm-2.13rc22","nasm-2.13rc23","nasm-2.13rc3","nasm-2.13rc4","nasm-2.13rc5","nasm-2.13rc6","nasm-2.13rc7","nasm-2.13rc8","nasm-2.13rc9","nasm-2.14rc1","nasm-2.14rc10","nasm-2.14rc11","nasm-2.14rc12","nasm-2.14rc13","nasm-2.14rc14","nasm-2.14rc15","nasm-2.14rc2","nasm-2.14rc3","nasm-2.14rc4","nasm-2.14rc5","nasm-2.14rc6","nasm-2.14rc7","nasm-2.14rc8","nasm-2.14rc9","verified"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16517.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}