https://bugzilla.redhat.com/show_bug.cgi?id=1663906
Bug ID: 1663906 Summary: CVE-2018-1000886 nasm: Buffer overflow in asm/stdscan.c:130 resulting in a denial of service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=low,public=20180906,reported=20181221,source=cv e,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A :L,cwe=CWE-122,fedora-all/nasm=affected,rhel-5/nasm=ne w,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team@redhat.com Reporter: anemec@redhat.com CC: dominik@greysector.net, java-sig-commits@lists.fedoraproject.org, mizdebsk@redhat.com, nickc@redhat.com Target Milestone: --- Classification: Other
A buffer overflow vulnerability was found in nasm. A specially crafted file could trigger endless macro generation and cause the application to crash.
Upstream issue:
https://bugzilla.nasm.us/show_bug.cgi?id=3392514
https://bugzilla.redhat.com/show_bug.cgi?id=1663906
Andrej Nemec anemec@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1663909
--- Comment #1 from Andrej Nemec anemec@redhat.com --- Created nasm tracking bugs for this issue:
Affects: fedora-all [bug 1663909]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1663909 [Bug 1663909] CVE-2018-1000886 CVE-2018-20535 CVE-2018-20538 nasm: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1663906
Andrej Nemec anemec@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1663910
https://bugzilla.redhat.com/show_bug.cgi?id=1663906
Nick Clifton nickc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED
--- Comment #2 from Nick Clifton nickc@redhat.com --- Setting devel cond nak - waiting on 2.15 release upstream.
https://bugzilla.redhat.com/show_bug.cgi?id=1663906
Scott Gayou sgayou@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20180906, |impact=low,public=20180906, |reported=20181221,source=cv |reported=20181221,source=cv |e,cvss3=3.3/CVSS:3.0/AV:L/A |e,cvss3=3.3/CVSS:3.0/AV:L/A |C:L/PR:N/UI:R/S:U/C:N/I:N/A |C:L/PR:N/UI:R/S:U/C:N/I:N/A |:L,cwe=CWE-122,fedora-all/n |:L,cwe=CWE-122,fedora-all/n |asm=affected,rhel-5/nasm=ne |asm=affected,rhel-5/nasm=no |w,rhel-6/nasm=new,rhel-7/na |taffected,rhel-6/nasm=notaf |sm=new,rhel-8/nasm=new |fected,rhel-7/nasm=affected | |,rhel-8/nasm=affected
--- Comment #3 from Scott Gayou sgayou@redhat.com --- Yep. Simple segfault / denial of service. Reproducible in Red Hat Enterprise 7. Unable to reproduce on Red Hat Enterprise 5 and 6.
``` $ time nasm poc ... poc:14: error: macro call expects terminating `)' poc:14: error: macro call expects terminating `)' poc:14: error: macro call expects terminating `)' poc:14: error: interminable macro recursion Segmentation fault
real 1m24.913s
Very low impact.
https://bugzilla.redhat.com/show_bug.cgi?id=1663906
Scott Gayou sgayou@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1671492, 1671491
https://bugzilla.redhat.com/show_bug.cgi?id=1663906 Bug 1663906 depends on bug 1663909, which changed state.
Bug 1663909 Summary: CVE-2018-1000886 CVE-2018-20535 CVE-2018-20538 nasm: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1663909
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL
java-sig-commits@lists.fedoraproject.org