Bug 1121982 - (CVE-2019-6290) VUL-1: CVE-2019-6290: nasm: An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02
Status: RESOLVED UPSTREAM
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P5 - None
Severity: Minor
Assigned To: Adam Majer
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/222780/
Reported: 2019-01-15 11:04 UTC by Alexandros Toptsoglou
Modified: 2019-01-16 12:32 UTC
Found By: Security Response Team


Description Alexandros Toptsoglou 2019-01-15 11:04:41 UTC
CVE-2019-6290

An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM)
through 2.14.02. There is a stack exhaustion problem resulting from infinite
recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios
involving lots of '{' characters. Remote attackers could leverage this
vulnerability to cause a denial-of-service via a crafted asm file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6290
http://www.cvedetails.com/cve/CVE-2019-6290/
https://bugzilla.nasm.us/show_bug.cgi?id=3392548
Comment 1 Alexandros Toptsoglou 2019-01-15 11:12:23 UTC
This bug does not affect our codestreams; nasm just throws an error when testing the reproducer against version 2.13, without exhausting much memory.