https://bugzilla.redhat.com/show_bug.cgi?id=1663907
Bug ID: 1663907 Summary: CVE-2018-20535 nasm: Use-after-free at asm/preproc.c resulting in a denial of service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=low,public=20181118,reported=20181228,source=cv e,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A :L,cwe=CWE-416,fedora-all/nasm=affected,rhel-5/nasm=ne w,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team@redhat.com Reporter: anemec@redhat.com CC: dominik@greysector.net, java-sig-commits@lists.fedoraproject.org, mizdebsk@redhat.com, nickc@redhat.com Target Milestone: --- Classification: Other
A use-after-free vulnerability was found in nasm. A specially crafted file could cause the application to crash.
Upstream issue:
https://bugzilla.nasm.us/show_bug.cgi?id=3392530
https://bugzilla.redhat.com/show_bug.cgi?id=1663907
Andrej Nemec anemec@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1663909
--- Comment #1 from Andrej Nemec anemec@redhat.com --- Created nasm tracking bugs for this issue:
Affects: fedora-all [bug 1663909]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1663909 [Bug 1663909] CVE-2018-1000886 CVE-2018-20535 CVE-2018-20538 nasm: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1663907
Andrej Nemec anemec@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1663910
https://bugzilla.redhat.com/show_bug.cgi?id=1663907
Nick Clifton nickc@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED
--- Comment #2 from Nick Clifton nickc@redhat.com --- Setting devel cond NAK - waiting on upstream fix.
https://bugzilla.redhat.com/show_bug.cgi?id=1663907
Scott Gayou sgayou@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20181118, |impact=low,public=20181118, |reported=20181228,source=cv |reported=20181228,source=cv |e,cvss3=3.3/CVSS:3.0/AV:L/A |e,cvss3=3.3/CVSS:3.0/AV:L/A |C:L/PR:N/UI:R/S:U/C:N/I:N/A |C:L/PR:N/UI:R/S:U/C:N/I:N/A |:L,cwe=CWE-416,fedora-all/n |:L,cwe=CWE-416,fedora-all/n |asm=affected,rhel-5/nasm=ne |asm=affected,rhel-5/nasm=no |w,rhel-6/nasm=new,rhel-7/na |taffected,rhel-6/nasm=wontf |sm=new,rhel-8/nasm=new |ix,rhel-7/nasm=affected,rhe | |l-8/nasm=affected
--- Comment #3 from Scott Gayou sgayou@redhat.com --- Red Hat Enterprise 6 and 7 are vulnerable. Valgrind output matches upstream's ASAN output relatively well:
``` poc:15: error: label or instruction expected at start of line poc:16: error: attempt to define a local label before any non-local labels poc:18: error: parser: instruction expected poc:18: error: parser: instruction expected poc:18: error: label or instruction expected at start of line ==12504== Invalid read of size 4 ==12504== at 0x4346C5: pp_getline (preproc.c:4957) ==12504== by 0x4046E3: assemble_file.constprop.3 (nasm.c:1222) ==12504== by 0x402D02: main (nasm.c:463) ```
https://bugzilla.redhat.com/show_bug.cgi?id=1663907
Scott Gayou sgayou@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1671502, 1671503
https://bugzilla.redhat.com/show_bug.cgi?id=1663907 Bug 1663907 depends on bug 1663909, which changed state.
Bug 1663909 Summary: CVE-2018-1000886 CVE-2018-20535 CVE-2018-20538 nasm: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1663909
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL
java-sig-commits@lists.fedoraproject.org