Bug 1190019 - (CVE-2020-18974) VUL-1: CVE-2020-18974: nasm: buffer overflow in crc64i() nasmlib/crc64.c
Status: NEW
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Michael Vetter
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/308327/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-18974:5.5:(AV:...
Reported: 2021-08-31 14:46 UTC by Gabriele Sonnu
Modified: 2021-09-07 08:04 UTC
Found By: Security Response Team
Attachments:

- nasm-factory.log (17.07 KB, text/plain), 2021-08-31 14:48 UTC, Gabriele Sonnu
- nasm-SLE15.log (6.21 KB, text/plain), 2021-08-31 14:49 UTC, Gabriele Sonnu

Description Gabriele Sonnu 2021-08-31 14:46:26 UTC
Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147.

Reference:
https://bugzilla.nasm.us/show_bug.cgi?id=3392568

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1998315
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-18974
https://bugzilla.nasm.us/show_bug.cgi?id=3392568
Comment 1 Gabriele Sonnu 2021-08-31 14:48:19 UTC
We currently ship these packages:

- SUSE:SLE-15:Update/nasm  2.14.02
- openSUSE:Factory/nasm    2.15.05

No upstream patch is available.

Upstream issue and reproducer:
https://bugzilla.nasm.us/show_bug.cgi?id=3392568

I couldn't reproduce the issue. Running the PoC with an ASAN-enabled build of nasm produces different output:

- SUSE:SLE-15:Update: heap-use-after-free
- openSUSE:Factory: some memory leaks

I have attached the execution log for both the openSUSE and SLE-15 packages.

Could you please double check?
Comment 2 Gabriele Sonnu 2021-08-31 14:48:46 UTC
Created attachment 852191
nasm-factory.log
Comment 3 Gabriele Sonnu 2021-08-31 14:49:14 UTC
Created attachment 852192
nasm-SLE15.log