https://bugzilla.redhat.com/show_bug.cgi?id=1670704
Bug ID: 1670704
Summary: CVE-2019-7147 nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service.
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190101,reported=20190129,source=cve,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: darunesh@redhat.com
CC: dominik@greysector.net, java-sig-commits@lists.fedoraproject.org, mizdebsk@redhat.com, nickc@redhat.com
Target Milestone: ---
Classification: Other
A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service.
References: https://bugzilla.nasm.us/show_bug.cgi?id=3392544
Dhananjay Arunesh darunesh@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |1670705
--- Comment #1 from Dhananjay Arunesh darunesh@redhat.com ---
Created nasm tracking bugs for this issue:
Affects: fedora-all [bug 1670705]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1670705 [Bug 1670705] CVE-2019-7147 nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service. [fedora-all]
Dhananjay Arunesh darunesh@redhat.com changed:
What    |Removed |Added
----------------------------------------------------------------------------
Blocks  | |1670706
Summary |CVE-2019-7147 nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service. |CVE-2019-7147 nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service
Dhananjay Arunesh darunesh@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
CC         | |dbecker@redhat.com, jjoyce@redhat.com, jschluet@redhat.com, kbasil@redhat.com, lhh@redhat.com, lpeer@redhat.com, mburns@redhat.com, sclewis@redhat.com, slinaber@redhat.com
Whiteboard |impact=moderate,public=20190101,reported=20190129,source=cve,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new |impact=moderate,public=20190101,reported=20190129,source=cve,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new,openstack-15-optools/nasm=new
Dhananjay Arunesh darunesh@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Whiteboard |impact=moderate,public=20190101,reported=20190129,source=cve,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new,openstack-15-optools/nasm=new |impact=moderate,public=20190101,reported=20190129,source=cve,cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new,openstack-15-optools/nasm=new
Joshua Padman jpadman@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
CC         |dbecker@redhat.com, jjoyce@redhat.com, jschluet@redhat.com, kbasil@redhat.com, lhh@redhat.com, lpeer@redhat.com, mburns@redhat.com, sclewis@redhat.com, slinaber@redhat.com |
Whiteboard |impact=moderate,public=20190101,reported=20190129,source=cve,cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new,openstack-15-optools/nasm=new |impact=moderate,public=20190101,reported=20190129,source=cve,cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new
Stefan Cornelius scorneli@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Priority   |medium |low
CC         |dominik@greysector.net, java-sig-commits@lists.fedoraproject.org, mizdebsk@redhat.com, nickc@redhat.com |
Whiteboard |impact=moderate,public=20190101,reported=20190129,source=cve,cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new |impact=low,public=20190101,reported=20190129,source=cve,cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,cwe=CWE-125,fedora-all/nasm=affected,rhel-5/nasm=notaffected,rhel-6/nasm=notaffected,rhel-7/nasm=notaffected,rhel-8/nasm=notaffected
Severity   |medium |low
Andrej Nemec anemec@redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC   | |dominik@greysector.net, java-sig-commits@lists.fedoraproject.org, mizdebsk@redhat.com, nickc@redhat.com
Bug 1670704 depends on bug 1670705, which changed state.
Bug 1670705 Summary: CVE-2019-7147 nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1670705
What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW |CLOSED
Resolution |--- |EOL