First Last Prev Next    This bug is not in your last search results.
Bug 1106878 - (CVE-2018-16382) VUL-1: CVE-2018-16382: nasm: Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.
(CVE-2018-16382)
VUL-1: CVE-2018-16382: nasm: Netwide Assembler (NASM) 2.14rc15 has a buffer o...
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Michael Vetter
Security Team bot
https://smash.suse.de/issue/213662/
CVSSv3:RedHat:CVE-2018-16382:3.3:(AV...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-09-03 08:28 UTC by Marcus Meissner
Modified: 2020-11-04 15:12 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
poc.nasm (1.59 KB, application/octet-stream)
2018-09-03 08:32 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2018-09-03 08:28:40 UTC 
CVE-2018-16382

Netwide Assembler (NASM) 2.14rc15 has a buffer over-read in x86/regflags.c.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16382
https://bugzilla.nasm.us/show_bug.cgi?id=3392503
Comment 1 Marcus Meissner 2018-09-03 08:32:38 UTC 
Created attachment 781654 [details]
poc.nasm

QA REPRODUCER:

valgrind nasm poc.nasm

should not show invalid reads
Comment 2 Marcus Meissner 2018-09-03 08:35:14 UTC 
I am not getting it report errors with valgrind.

might only be in newer versions.
Comment 3 Swamp Workflow Management 2020-07-06 16:15:28 UTC 
SUSE-SU-2020:1843-1: An update that solves 13 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1084631,1086186,1086227,1086228,1090519,1090840,1106878,1107592,1107594,1108404,1115758,1115774,1115795,1173538
CVE References: CVE-2018-1000667,CVE-2018-10016,CVE-2018-10254,CVE-2018-10316,CVE-2018-16382,CVE-2018-16517,CVE-2018-16999,CVE-2018-19214,CVE-2018-19215,CVE-2018-19216,CVE-2018-8881,CVE-2018-8882,CVE-2018-8883
Sources used:
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    nasm-2.14.02-3.4.1
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    nasm-2.14.02-3.4.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2020-07-13 19:13:34 UTC 
openSUSE-SU-2020:0954-1: An update that solves 13 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1084631,1086186,1086227,1086228,1090519,1090840,1106878,1107592,1107594,1108404,1115758,1115774,1115795,1173538
CVE References: CVE-2018-1000667,CVE-2018-10016,CVE-2018-10254,CVE-2018-10316,CVE-2018-16382,CVE-2018-16517,CVE-2018-16999,CVE-2018-19214,CVE-2018-19215,CVE-2018-19216,CVE-2018-8881,CVE-2018-8882,CVE-2018-8883
Sources used:
openSUSE Leap 15.2 (src):    nasm-2.14.02-lp152.4.3.1
Comment 5 Swamp Workflow Management 2020-07-13 19:16:23 UTC 
openSUSE-SU-2020:0952-1: An update that solves 13 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1084631,1086186,1086227,1086228,1090519,1090840,1106878,1107592,1107594,1108404,1115758,1115774,1115795,1173538
CVE References: CVE-2018-1000667,CVE-2018-10016,CVE-2018-10254,CVE-2018-10316,CVE-2018-16382,CVE-2018-16517,CVE-2018-16999,CVE-2018-19214,CVE-2018-19215,CVE-2018-19216,CVE-2018-8881,CVE-2018-8882,CVE-2018-8883
Sources used:
openSUSE Leap 15.1 (src):    nasm-2.14.02-lp151.3.3.1
First Last Prev Next    This bug is not in your last search results.