https://bugzilla.redhat.com/show_bug.cgi?id=1872747
Bug ID: 1872747 Summary: CVE-2020-24242 nasm: segmentation fault in tok_text function in asm/preproc.c by accessing read memory Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team@redhat.com Reporter: gsuckevi@redhat.com CC: dominik@greysector.net, igor.raits@gmail.com, java-sig-commits@lists.fedoraproject.org, mizdebsk@redhat.com, nickc@redhat.com, pbonzini@redhat.com Target Milestone: --- Classification: Other
In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory.
Reference: https://bugzilla.nasm.us/show_bug.cgi?id=3392708
Upstream patch: https://github.com/netwide-assembler/nasm/commit/6299a3114ce0f3acd55d07de201...
https://bugzilla.redhat.com/show_bug.cgi?id=1872747
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1872805
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1872805 [Bug 1872805] CVE-2020-24242 nasm: segmentation fault in tok_text function in asm/preproc.c by accessing read memory [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1872747
--- Comment #1 from Guilherme de Almeida Suckevicz gsuckevi@redhat.com --- Created nasm tracking bugs for this issue:
Affects: fedora-all [bug 1872805]
https://bugzilla.redhat.com/show_bug.cgi?id=1872747
Guilherme de Almeida Suckevicz gsuckevi@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1872807
https://bugzilla.redhat.com/show_bug.cgi?id=1872747
--- Comment #2 from Todd Cullum tcullum@redhat.com --- Statement:
nasm as shipped with Red Hat Enterprise Linux 7 and 8 is not affected by this flaw because the vulnerable code was introduced in a newer version of nasm.
https://bugzilla.redhat.com/show_bug.cgi?id=1872747
Product Security DevOps Team prodsec-dev@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |WONTFIX Last Closed| |2020-08-27 19:17:32
--- Comment #5 from Product Security DevOps Team prodsec-dev@redhat.com --- This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-24242
https://bugzilla.redhat.com/show_bug.cgi?id=1872747
Todd Cullum tcullum@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version| |nasm-2.15.05rc1
https://bugzilla.redhat.com/show_bug.cgi?id=1872747
Todd Cullum tcullum@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version|nasm-2.15.05rc1 |nasm 2.15.05rc1
https://bugzilla.redhat.com/show_bug.cgi?id=1872747 Bug 1872747 depends on bug 1872805, which changed state.
Bug 1872805 Summary: CVE-2020-24242 nasm: segmentation fault in tok_text function in asm/preproc.c by accessing read memory [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1872805
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |EOL
java-sig-commits@lists.fedoraproject.org