https://bugzilla.redhat.com/show_bug.cgi?id=1668319
Bug ID: 1668319 Summary: CVE-2019-6290 nasm: Infinite recursion in eval.c causing stack exhaustion problem resulting in a denial of service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=moderate,public=20190102,reported=20190115,sour ce=cve,cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/ I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/na sm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: darunesh@redhat.com CC: dominik@greysector.net, java-sig-commits@lists.fedoraproject.org, mizdebsk@redhat.com, nickc@redhat.com Target Milestone: --- Classification: Other
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.
Upstream Issue:
https://bugzilla.nasm.us/show_bug.cgi?id=3392548
https://bugzilla.redhat.com/show_bug.cgi?id=1668319
Dhananjay Arunesh darunesh@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1668320
--- Comment #1 from Dhananjay Arunesh darunesh@redhat.com --- Created nasm tracking bugs for this issue:
Affects: fedora-all [bug 1668320]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1668320 [Bug 1668320] CVE-2019-6290 nasm: Infinite recursion in eval.c causing stack exhaustion problem resulting in a denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1668319
Dhananjay Arunesh darunesh@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1668324
https://bugzilla.redhat.com/show_bug.cgi?id=1668319
Stefan Cornelius scorneli@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Priority|medium |low Whiteboard|impact=moderate,public=2019 |impact=low,public=20190102, |0102,reported=20190115,sour |reported=20190115,source=cv |ce=cve,cvss3=5.5/CVSS:3.0/A |e,cvss3=5.5/CVSS:3.0/AV:L/A |V:L/AC:L/PR:N/UI:R/S:U/C:N/ |C:L/PR:N/UI:R/S:U/C:N/I:N/A |I:N/A:H,cwe=CWE-400,fedora- |:H,cwe=CWE-400,fedora-all/n |all/nasm=affected,rhel-5/na |asm=affected,rhel-5/nasm=ne |sm=new,rhel-6/nasm=new,rhel |w,rhel-6/nasm=new,rhel-7/na |-7/nasm=new,rhel-8/nasm=new |sm=new,rhel-8/nasm=new Severity|medium |low
https://bugzilla.redhat.com/show_bug.cgi?id=1668319
Stefan Cornelius scorneli@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20190102, |impact=low,public=20190102, |reported=20190115,source=cv |reported=20190115,source=cv |e,cvss3=5.5/CVSS:3.0/AV:L/A |e,cvss3=5.5/CVSS:3.0/AV:L/A |C:L/PR:N/UI:R/S:U/C:N/I:N/A |C:L/PR:N/UI:R/S:U/C:N/I:N/A |:H,cwe=CWE-400,fedora-all/n |:H,cwe=CWE-400,fedora-all/n |asm=affected,rhel-5/nasm=ne |asm=affected,rhel-5/nasm=wo |w,rhel-6/nasm=new,rhel-7/na |ntfix,rhel-6/nasm=wontfix,r |sm=new,rhel-8/nasm=new |hel-7/nasm=affected,rhel-8/ | |nasm=affected
https://bugzilla.redhat.com/show_bug.cgi?id=1668319
Stefan Cornelius scorneli@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=low,public=20190102, |impact=low,public=20190102, |reported=20190115,source=cv |reported=20190115,source=cv |e,cvss3=5.5/CVSS:3.0/AV:L/A |e,cvss3=5.5/CVSS:3.0/AV:L/A |C:L/PR:N/UI:R/S:U/C:N/I:N/A |C:L/PR:N/UI:R/S:U/C:N/I:N/A |:H,cwe=CWE-400,fedora-all/n |:H,cwe=CWE-400,fedora-all/n |asm=affected,rhel-5/nasm=wo |asm=affected,rhel-5/nasm=wo |ntfix,rhel-6/nasm=wontfix,r |ntfix,rhel-6/nasm=wontfix,r |hel-7/nasm=affected,rhel-8/ |hel-7/nasm=affected,rhel-br |nasm=affected |-8/nasm=affected
https://bugzilla.redhat.com/show_bug.cgi?id=1668319
--- Comment #3 from Stefan Cornelius scorneli@redhat.com --- Statement:
This issue affects the versions of nasm as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8.
Red Hat Enterprise Linux 5 is now in Extended Life Phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Low, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
https://bugzilla.redhat.com/show_bug.cgi?id=1668319
Stefan Cornelius scorneli@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1716233, 1716236
https://bugzilla.redhat.com/show_bug.cgi?id=1668319 Bug 1668319 depends on bug 1668320, which changed state.
Bug 1668320 Summary: CVE-2019-6290 nasm: Infinite recursion in eval.c causing stack exhaustion problem resulting in a denial of service [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1668320
What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution|--- |EOL
java-sig-commits@lists.fedoraproject.org