In Netwide Assembler 2.14rc0, there is a heap-based buffer over-read in the function detoken in asm/preproc.c that will cause a remote denial of service attack.