Bug 1190019 – VUL-1: CVE-2020-18974: nasm: buffer overflow in crc64i() nasmlib/crc64.c

Bug 1190019 - (CVE-2020-18974) VUL-1: CVE-2020-18974: nasm: buffer overflow in crc64i() nasmlib/crc64.c

(CVE-2020-18974)
Summary:	VUL-1: CVE-2020-18974: nasm: buffer overflow in crc64i() nasmlib/crc64.c

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Michael Vetter
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/308327/
Whiteboard:	CVSSv3.1:SUSE:CVE-2020-18974:5.5:(AV:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-08-31 14:46 UTC by Gabriele Sonnu
Modified:	2022-11-22 08:36 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
nasm-factory.log (17.07 KB, text/plain) 2021-08-31 14:48 UTC, Gabriele Sonnu	Details
nasm-SLE15.log (6.21 KB, text/plain) 2021-08-31 14:49 UTC, Gabriele Sonnu	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Gabriele Sonnu 2021-08-31 14:46:26 UTC

Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.

Reference:
https://bugzilla.nasm.us/show_bug.cgi?id=3392568

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1998315
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18974
https://bugzilla.nasm.us/show_bug.cgi?id=3392568

Comment 1 Gabriele Sonnu 2021-08-31 14:48:19 UTC

We currently ship these packages:

- SUSE:SLE-15:Update/nasm  2.14.02
- openSUSE:Factory/nasm    2.15.05

No upstream patch is available. 

Upstream issue and reproducer:
https://bugzilla.nasm.us/show_bug.cgi?id=3392568

I couldn't reproduce the issue. Running the poc with an ASAN-enabled build of nasm produces different output:

- SUSE:SLE-15:Update: heap-use-after-free
- openSUSE:Factory: some memory leaks

I have attached the execution log for both the openSUSE and SLE-15 package.

Could you please double check?

Comment 2 Gabriele Sonnu 2021-08-31 14:48:46 UTC

Created attachment 852191 [details]
nasm-factory.log

Comment 3 Gabriele Sonnu 2021-08-31 14:49:14 UTC

Created attachment 852192 [details]
nasm-SLE15.log

Comment 5 Zhou Shuiqing 2022-11-21 09:08:28 UTC

I want to fix this bug, but I can't access the bugzilla site.
Can you provide the testdata？

Comment 6 Zhou Shuiqing 2022-11-22 08:36:24 UTC

https://github.com/netwide-assembler/nasm/commit/8571f06061b47471a340e350fdfcd804098637d6
This commit has fixed this cve.