Source: nasm
Version: 2.13.02-0.1
Severity: important
Tags: security upstream
Forwarded: https://bugzilla.nasm.us/show_bug.cgi?id=3392447

Hi,

The following vulnerability was published for nasm:

CVE-2018-8883[0]:
| Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the
| parse_line function in asm/parser.c via uncontrolled access to
| nasm_reg_flags.

----cut---------cut---------cut---------cut---------cut---------cut-----
nasm -felf64 411618
411618:8: error: label or instruction expected at start of line
411618:16: error: comma, colon, decorator or end of line expected after operand
411618:17: error: label or instruction expected at start of line
411618:20: error: label or instruction expected at start of line
411618:38: error: comma, colon, decorator or end of line expected after operand
411618:40: warning: unterminated string
411618:40: error: label or instruction expected at start of line
411618:43: error: label or instruction expected at start of line
=================================================================
==5711==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55a680396c88 at pc 0x55a680244455 bp 0x7ffd87222c30 sp 0x7ffd87222c28
READ of size 8 at 0x55a680396c88 thread T0
    #0 0x55a680244454  (/usr/bin/nasm+0x269454)
    #1 0x55a68020bc43  (/usr/bin/nasm+0x230c43)
    #2 0x55a680204bbe  (/usr/bin/nasm+0x229bbe)
    #3 0x7fb63c410a86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21a86)
    #4 0x55a680206a39  (/usr/bin/nasm+0x22ba39)

0x55a680396c88 is located 0 bytes to the right of global variable 'nasm_reg_flags' defined in 'x86/regflags.c:6:17' (0x55a680396500) of size 1928
SUMMARY: AddressSanitizer: global-buffer-overflow (/usr/bin/nasm+0x269454)
Shadow bytes around the buggy address:
  0x0ab55006ad40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ab55006ad50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ab55006ad60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ab55006ad70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ab55006ad80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ab55006ad90: 00[f9]f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x0ab55006ada0: 00 00 00 00 00 00 00 00 00 04 f9 f9 f9 f9 f9 f9
  0x0ab55006adb0: 03 f9 f9 f9 f9 f9 f9 f9 06 f9 f9 f9 f9 f9 f9 f9
  0x0ab55006adc0: 00 04 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
  0x0ab55006add0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ab55006ade0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==5711==ABORTING
----cut---------cut---------cut---------cut---------cut---------cut-----
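The sanitizer report above shows an 8-byte READ landing 0 bytes past the end of the global `nasm_reg_flags` table, i.e. a lookup table indexed with a value that was never checked against the table's size. As an added illustration of that bug class (constructed for this report, not NASM's code), the following C program puts a small global flags table next to a token parser that yields an index without range-checking it, and shows the bounds-checked accessor that turns the out-of-range case into a rejected lookup. All names here (`reg_flags_table`, `reg_index_from_token`, `reg_flags_checked`, the sample tokens) are constructed for the example.

```c
#include <ctype.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define REG_COUNT 8
#define REG_FLAGS_INVALID UINT64_MAX /* sentinel: never a valid flags word here */

/* Constructed sample table: one 64-bit flags word per register index.
   It stands in for a real assembler's per-register flags array. */
static const uint64_t reg_flags_table[REG_COUNT] = {
    0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80
};

/* Parses a register token of the form "rN" and returns N as a table index,
   or -1 if the token is malformed. It deliberately does NOT compare N with
   REG_COUNT: whoever indexes the table must do that, and forgetting it is
   exactly the bug class in the report above. */
int reg_index_from_token(const char *tok) {
    char *end;
    long n;
    if (tok == NULL || tok[0] != 'r' || !isdigit((unsigned char)tok[1]))
        return -1;
    n = strtol(tok + 1, &end, 10);
    if (*end != '\0' || n < 0 || n > INT_MAX)
        return -1;
    return (int)n;
}

/* Unchecked accessor. Calling reg_flags_unchecked(reg_index_from_token("r9"))
   reads 8 bytes past the end of reg_flags_table: under AddressSanitizer that
   is reported as a global-buffer-overflow READ of size 8 "0 bytes to the
   right of" the table, the same shape as the report above; without ASan it
   silently returns whatever happens to follow the table in memory. */
uint64_t reg_flags_unchecked(int reg) {
    return reg_flags_table[reg];
}

/* Checked accessor: validates the index before touching the table and
   returns REG_FLAGS_INVALID instead of reading outside it. */
uint64_t reg_flags_checked(int reg) {
    if (reg < 0 || reg >= REG_COUNT)
        return REG_FLAGS_INVALID;
    return reg_flags_table[reg];
}

/* Resolves a token end to end through the checked path, so a malformed or
   out-of-range register becomes a parse error rather than an over-read. */
uint64_t flags_for_token(const char *tok) {
    return reg_flags_checked(reg_index_from_token(tok));
}

int main(void) {
    /* Constructed sample tokens: valid, at the boundary, past it, malformed. */
    static const char *const samples[] = { "r0", "r7", "r8", "r9", "rax", "x1" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t f = flags_for_token(samples[i]);
        if (f == REG_FLAGS_INVALID)
            printf("%-4s -> rejected (unknown or out-of-range register)\n", samples[i]);
        else
            printf("%-4s -> flags 0x%02llx\n", samples[i], (unsigned long long)f);
    }
    return 0;
}
```

Building this with `-fsanitize=address` and routing the "r9" token through `reg_flags_unchecked` reproduces the same kind of global-buffer-overflow report as the one quoted above; routing it through `reg_flags_checked` yields a clean rejection. The general rule the fix embodies is that any index derived from input is compared against the destination array's length at the point of use, not somewhere upstream that a later code path can bypass.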

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-8883
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8883
[1] https://bugzilla.nasm.us/show_bug.cgi?id=3392447

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
