Source: nasm
Version: 2.14.02-1
Severity: important
Tags: security upstream
Forwarded: https://bugzilla.nasm.us/show_bug.cgi?id=3392576
Hi,
The following vulnerability was published for nasm.
CVE-2019-14248[0]:
| In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows
| a NULL pointer dereference in process_pragma, search_pragma_list, and
| nasm_set_limit when "%pragma limit" is mishandled.
$ ./nasm -felf64 ~/3392576
asm/nasm.c:199:14: runtime error: null pointer passed as argument 1, which is
declared to never be null
AddressSanitizer:DEADLYSIGNAL
=================================================================
==6284==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc
0x7f8b17ee3e18 bp 0x7ffca804f510 sp 0x7ffca804ec80 T0)
==6284==The signal is caused by a READ memory access.
==6284==Hint: address points to the zero page.
#0 0x7f8b17ee3e17 (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xd2e17)
#1 0x56376c9e1365 in nasm_set_limit asm/nasm.c:199
#2 0x56376c9f7ffe in search_pragma_list asm/pragma.c:137
#3 0x56376c9f8700 in search_pragma_list asm/pragma.c:119
#4 0x56376c9f8700 in process_pragma asm/pragma.c:218
#5 0x56376c9f4935 in process_directives asm/directiv.c:503
#6 0x56376c9e54be in assemble_file asm/nasm.c:1498
#7 0x56376c9dc58a in main asm/nasm.c:617
#8 0x7f8b1730e09a in __libc_start_main ../csu/libc-start.c:308
#9 0x56376c9de099 in _start (/build/nasm-2.14.02/nasm+0x29e099)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xd2e17)
==6284==ABORTING
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-14248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14248
[1] https://bugzilla.nasm.us/show_bug.cgi?id=3392576
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
