Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read in the function tokenize in asm/preproc.c, related to an unterminated string. References: https://bugzilla.nasm.us/show_bug.cgi?id=3392446 Patch: https://github.com/cyrillos/nasm/commit/3144e84add8b152cc7a71e44617ce6f21daa4ba3
Based on the description, this issue affects nasm shipped by Red Hat Enterprise Linux 6 and 7. However, the reproducer attached in https://bugzilla.nasm.us/show_bug.cgi?id=3392446 did not work here.