https://bugzilla.redhat.com/show_bug.cgi?id=1677636
Bug ID: 1677636 Summary: CVE-2019-8343 nasm: use-after-free in paste_tokens in asm/preproc.c Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=important,public=20190214,reported=20190215,sou rce=cve,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H /I:H/A:H,cwe=CWE-416,fedora-all/nasm=affected,rhel-5/n asm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=ne w Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team@redhat.com Reporter: darunesh@redhat.com CC: dominik@greysector.net, i.gnatenko.brain@gmail.com, java-sig-commits@lists.fedoraproject.org, mizdebsk@redhat.com, nickc@redhat.com Target Milestone: --- Classification: Other
In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.
Reference: https://bugzilla.nasm.us/show_bug.cgi?id=3392556