https://bugzilla.redhat.com/show_bug.cgi?id=1668319
Bug ID: 1668319
Summary: CVE-2019-6290 nasm: Infinite recursion in eval.c causing stack exhaustion problem resulting in a denial of service
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190102,reported=20190115,source=cve,cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: darunesh@redhat.com
CC: dominik@greysector.net, java-sig-commits@lists.fedoraproject.org, mizdebsk@redhat.com, nickc@redhat.com
Target Milestone: ---
Classification: Other

An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
Upstream Issue:
https://bugzilla.nasm.us/show_bug.cgi?id=3392548
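
Added example, not NASM code and not the upstream fix: a toy recursive-descent evaluator in C with the kind of nesting-depth guard that stops this class of stack exhaustion (CWE-400) by rejecting deeply nested input instead of recursing on it. The grammar, `MAX_DEPTH`, the `EVAL_*` codes and all function names are assumptions made for the illustration.

```c
#include <stdlib.h>
#include <string.h>
#define MAX_DEPTH 256   /* assumed cap; size it to the stack budget */
enum { EVAL_OK = 0, EVAL_SYNTAX = -1, EVAL_TOO_DEEP = -2 };
struct parser { const char *p; int depth; int err; };
static unsigned long parse_expr(struct parser *ps);

/* term := digits | '{' expr '}'   (toy grammar, not NASM's) */
static unsigned long parse_term(struct parser *ps) {
    unsigned long v = 0;
    if (*ps->p == '{') {
        /* Refuse before recursing: the error costs no extra stack. */
        if (ps->depth >= MAX_DEPTH) { ps->err = EVAL_TOO_DEEP; return 0; }
        ps->depth++; ps->p++;
        v = parse_expr(ps);
        ps->depth--;
        if (!ps->err) { if (*ps->p == '}') ps->p++; else ps->err = EVAL_SYNTAX; }
        return v;
    }
    if (*ps->p < '0' || *ps->p > '9') { ps->err = EVAL_SYNTAX; return 0; }
    while (*ps->p >= '0' && *ps->p <= '9')
        v = v * 10 + (unsigned long)(*ps->p++ - '0');
    return v;
}

/* expr := term ('+' term)* */
static unsigned long parse_expr(struct parser *ps) {
    unsigned long v = parse_term(ps);
    while (!ps->err && *ps->p == '+') { ps->p++; v += parse_term(ps); }
    return v;
}

/* Returns EVAL_OK and stores the value in *out, or a negative error. */
int eval_guarded(const char *src, unsigned long *out) {
    struct parser ps = { src, 0, EVAL_OK };
    unsigned long v = parse_expr(&ps);
    if (!ps.err && *ps.p != '\0') ps.err = EVAL_SYNTAX;
    if (!ps.err) *out = v;
    return ps.err;
}

/* Constructed input: n '{', the digit 7, then n '}'. */
int eval_nested(size_t n, unsigned long *out) {
    char *s = calloc(2 * n + 2, 1);
    if (!s) return EVAL_SYNTAX;
    memset(s, '{', n); s[n] = '7'; memset(s + n + 1, '}', n);
    int rc = eval_guarded(s, out);
    free(s);
    return rc;
}
```

Without the `depth` check, each `{` would add a `parse_term`/`parse_expr` frame pair and a long enough run would overflow the stack; with it, stack use is bounded no matter how large the input file is.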