You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2020 21528
About this tag
CVE-2020-21528 is a denial-of-service vulnerability in NASM, the Netwide Assembler. The flaw resides in the ieee_segment function within outieee.c, allowing a crafted assembly file to trigger a segmentation fault and crash the assembler. This creates a straightforward DoS vector against build systems or processes that accept untrusted assembly input. While the bug is narrowly scoped, it poses outsized operational risk in environments where NASM is treated as a low-privilege build tool. The vulnerability is simple to describe and easy to trigger, yet it was surprisingly easy to overlook in real-world deployments until distributions and packagers pushed fixes.
A segmentation fault in NASM’s ieee_segment routine quietly resurfaced as CVE‑2020‑21528: a small, narrowly scoped bug with outsized operational risk for build systems that accept untrusted assembly input. The flaw — rooted in outieee.c’s ieee_segment function — allowed a crafted assembly file...