https://bugzilla.redhat.com/show_bug.cgi?id=2133075
Bug ID: 2133075
Summary: CVE-2022-41420 nasm: stack-based buffer overflow in the ndisasm component
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team@redhat.com
Reporter: gsuckevi@redhat.com
CC: dominik@greysector.net, java-sig-commits@lists.fedoraproject.org, mizdebsk@redhat.com, nickc@redhat.com, pbonzini@redhat.com, sipoyare@redhat.com
Target Milestone: ---
Classification: Other
nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component.
Reference: https://bugzilla.nasm.us/show_bug.cgi?id=3392810
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |2133076
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2133076 [Bug 2133076] CVE-2022-41420 nasm: stack-based buffer overflow in the ndisasm component [fedora-all]
--- Comment #1 from Guilherme de Almeida Suckevicz gsuckevi@redhat.com ---
Created nasm tracking bugs for this issue:

Affects: fedora-all [bug 2133076]
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Blocks     |        |2131827
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What       |Removed |Added
----------------------------------------------------------------------------
Depends On |        |2133078, 2133077
--- Doc Text *updated* by Guilherme de Almeida Suckevicz gsuckevi@redhat.com ---
A stack-based buffer overflow was found in the ndisasm utility of the NASM package. The issue occurs when a specially crafted file is processed by the ndisasm utility, causing the application to crash.
--- Doc Text *updated* by Paige Jung pajung@redhat.com ---
A stack-based buffer overflow was found in the ndisasm utility of the NASM package. The issue occurs when a specially crafted file is processed by the ndisasm utility, which causes the application to crash.
Bug 2133075 depends on bug 2133076, which changed state.

Bug 2133076 Summary: CVE-2022-41420 nasm: stack-based buffer overflow in the ndisasm component [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2133076

What       |Removed |Added
----------------------------------------------------------------------------
Status     |NEW     |CLOSED
Resolution |---     |EOL