Bug 1117960 – VUL-1: CVE-2018-19755: nasm: There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can re

Bug 1117960 - (CVE-2018-19755) VUL-1: CVE-2018-19755: nasm: There is an illegal address access at asm/preproc.c (function: is_mmacro) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service (out-of-bounds array access) because a certain conversion can re

(CVE-2018-19755)
Summary:	VUL-1: CVE-2018-19755: nasm: There is an illegal address access at asm/prepro...

Status:	NEW

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assigned To:	Michael Vetter
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/219990/
Whiteboard:	CVSSv3:SUSE:CVE-2018-19755:4.4:(AV:L...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-11-30 16:07 UTC by Marcus Meissner
Modified:	2020-11-04 15:14 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
POC6 (1.08 KB, application/octet-stream) 2018-11-30 16:10 UTC, Marcus Meissner	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2018-11-30 16:07:45 UTC

CVE-2018-19755

There is an illegal address access at asm/preproc.c (function: is_mmacro)
in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service
(out-of-bounds array access) because a certain conversion can result in a
negative integer.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19755
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19755.html

Comment 1 Marcus Meissner 2018-11-30 16:09:17 UTC

https://bugzilla.nasm.us/show_bug.cgi?id=3392528
https://repo.or.cz/nasm.git/commit/3079f7966dbed4497e36d5067cbfd896a90358cb

Comment 2 Marcus Meissner 2018-11-30 16:10:26 UTC

Created attachment 791474 [details]
POC6

QA REPRODUCER:

nasm -f bin POC6

should not crash

Comment 3 jun wang 2020-07-01 06:46:48 UTC

I am testing nasm update SUSE:Maintenance:15602:221324, and it seems that this bug
is NOT fixed after updating. the reproducer is from comment#2.

# nasm -f bin reproducer-1117960
reproducer-1117960: warning: default output file same as input, using `nasm.out' for output
 [-w+other]
reproducer-1117960:2: warning: redefining multi-line macro `section' [-w+other]
reproducer-1117960:13: error: `%19': not in a macro call
reproducer-1117960:13: error: label or instruction expected at start of line
reproducer-1117960:14: error: label or instruction expected at start of line
reproducer-1117960:15: error: parser: instruction expected
reproducer-1117960:16: error: parser: instruction expected
reproducer-1117960:17: error: parser: instruction expected
reproducer-1117960:18: error: parser: expecting ]
Segmentation fault (core dumped)