https://bugzilla.redhat.com/show_bug.cgi?id=2035087
Bug ID: 2035087
Summary: CVE-2021-45257 nasm: Infinite loop via the gpaste_tokens function
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team@redhat.com
Reporter: psampaio@redhat.com
CC: dominik@greysector.net, java-sig-commits@lists.fedoraproject.org, mizdebsk@redhat.com, nickc@redhat.com, pbonzini@redhat.com
Target Milestone: ---
Classification: Other
An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.
References:
https://bugzilla.nasm.us/show_bug.cgi?id=3392790
https://bugzilla.redhat.com/show_bug.cgi?id=2035087
Pedro Sampaio psampaio@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |2035088
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2035088 [Bug 2035088] CVE-2021-45257 nasm: Infinite loop via the gpaste_tokens function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2035087
--- Comment #1 from Pedro Sampaio psampaio@redhat.com ---
Created nasm tracking bugs for this issue:
Affects: fedora-all [bug 2035088]
https://bugzilla.redhat.com/show_bug.cgi?id=2035087
Pedro Sampaio psampaio@redhat.com changed:
What   |Removed |Added
----------------------------------------------------------------------------
Blocks |        |2035091
https://bugzilla.redhat.com/show_bug.cgi?id=2035087
--- Doc Text *updated* by TEJ RATHI trathi@redhat.com ---
An infinite loop flaw was found in NASM's preproc.c via paste_tokens() function. An attacker with local network access could pass specially crafted unknown input causing an application to halt or crash leading to Denial of Service.
https://bugzilla.redhat.com/show_bug.cgi?id=2035087
TEJ RATHI trathi@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |2038121, 2038122
https://bugzilla.redhat.com/show_bug.cgi?id=2035087
TEJ RATHI trathi@redhat.com changed:
What    |Removed                 |Added
----------------------------------------------------------------------------
Summary |CVE-2021-45257 nasm:    |CVE-2021-45257 nasm:
        |Infinite loop via the   |Infinite loop via the
        |gpaste_tokens function  |paste_tokens function
https://bugzilla.redhat.com/show_bug.cgi?id=2035087
--- Doc Text *updated* by Eric Christensen sparks@redhat.com ---
An infinite loop flaw was found in nasm's preproc.c via paste_tokens() function. An attacker with local network access could pass a specially crafted unknown input causing an application to halt or crash leading to a denial of service.
https://bugzilla.redhat.com/show_bug.cgi?id=2035087
TEJ RATHI trathi@redhat.com changed:
What        |Removed |Added
----------------------------------------------------------------------------
Resolution  |---     |WONTFIX
Status      |NEW     |CLOSED
Last Closed |        |2022-01-11 12:23:10
https://bugzilla.redhat.com/show_bug.cgi?id=2035087
Bug 2035087 depends on bug 2035088, which changed state.
Bug 2035088 Summary: CVE-2021-45257 nasm: Infinite loop via the gpaste_tokens function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2035088
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |EOL
https://bugzilla.redhat.com/show_bug.cgi?id=2035087
Bug 2035087 depends on bug 2035088, which changed state.
Bug 2035088 Summary: CVE-2021-45257 nasm: Infinite loop via the gpaste_tokens function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2035088
What       |Removed |Added
----------------------------------------------------------------------------
Status     |CLOSED  |NEW
Resolution |EOL     |---
https://bugzilla.redhat.com/show_bug.cgi?id=2035087
Bug 2035087 depends on bug 2035088, which changed state.
Bug 2035088 Summary: CVE-2021-45257 nasm: Infinite loop via the gpaste_tokens function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2035088
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |UPSTREAM