{"id":"USN-8248-2","summary":"nasm regression","details":"USN-8248-1 fixed vulnerabilities in NASM. Unfortunately the update\nintroduced a regression which could cause NASM to crash. This update fixes\nthe problem by reverting the fix for CVE-2021-33450 and CVE-2021-33452 in\nUbuntu 24.04 LTS.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n Daisy Chen discovered that NASM was vulnerable to a heap buffer overflow\n when handling certain input. An attacker could possibly use this issue  to\n cause NASM to crash, resulting in a denial of service, or  possibly\n execute arbitrary code. (CVE-2023-31722)\n\n It was discovered that NASM incorrectly handled memory allocation.  An\n attacker could possibly use this issue to cause NASM to use  excessive\n resources, leading to a denial of service. This issue  only affected\n Ubuntu 24.04 LTS. (CVE-2021-33452, CVE-2021-33450)","modified":"2026-05-11T11:02:33.272843858Z","published":"2026-05-08T14:22:34Z","related":["UBUNTU-CVE-2021-33450","UBUNTU-CVE-2021-33452"],"upstream":["CVE-2021-33450","CVE-2021-33452","UBUNTU-CVE-2021-33450","UBUNTU-CVE-2021-33452"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8248-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-33450"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2021-33452"},{"type":"REPORT","url":"https://launchpad.net/bugs/2151861"}],"affected":[{"package":{"name":"nasm","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/nasm@2.16.01-1ubuntu0.1~esm2?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.16.01-1ubuntu0.1~esm2"}]}],"versions":["2.16.01-1","2.16.01-1build1","2.16.01-1ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"nasm","binary_version":"2.16.01-1ubuntu0.1~esm2"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8248-2.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2021-33450"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2021-33452"}],"ecosystem":"Ubuntu:Pro:24.04:LTS"}}}],"schema_version":"1.7.5"}