Bug 451995 (CVE-2008-2719)
Field | Value | Field | Value
---|---|---|---
Summary: | CVE-2008-2719 nasm: off-by-one error in the ppscan function | |
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger>
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA | QA Contact: |
Severity: | low | Docs Contact: |
Priority: | low | |
Version: | unspecified | CC: | pmachata
Target Milestone: | --- | Keywords: | Security
Target Release: | --- | |
Hardware: | All | |
OS: | Linux | |
URL: | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2719 | |
Whiteboard: | | |
Fixed In Version: | | Doc Type: | Bug Fix
Doc Text: | | Story Points: | ---
Clone Of: | | Environment: |
Last Closed: | 2008-07-04 13:33:53 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Description
Tomas Hoger
2008-06-18 15:20:32 UTC
We only ship 2.01, but from the look into the sources it seems to me that we are still affected: --- nasm-2.01/preproc.c 2008-01-17 21:22:17.000000000 +0100 +++ nasm-2.03.01/preproc.c 2008-06-17 06:31:16.000000000 +0200 @@ -1074,7 +1121,7 @@ static int ppscan(void *private_data, st } for (r = p, s = ourcopy; *r; r++) { - if (r > p+MAX_KEYWORD) + if (r >= p+MAX_KEYWORD) return tokval->t_type = TOKEN_ID; /* Not a keyword */ *s++ = tolower(*r); I can rebase to 2.03.01. Note these issues did not affect the versions of NASM as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F9/FEDORA-2008-5473 Just for future reference: The issue was introduced in the following upstream commit: http://repo.or.cz/w/nasm.git?a=commitdiff;h=c2df282092512917e558f56797f2e2be889de61c Upstream version 0.99 seems to be the first version containing this affected code. Fixed upstream in 2.03.01. |
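Review bot: the guard `if (r > p+MAX_KEYWORD)` in the `-` line lets the loop body run once more when `r == p+MAX_KEYWORD`, so `*s++ = tolower(*r);` stores MAX_KEYWORD+1 characters into `ourcopy` before the `return tokval->t_type = TOKEN_ID;` bail-out fires; the `>=` in the `+` line stops the copy after exactly MAX_KEYWORD characters, which is the off-by-one the summary describes. The hunk does not show the declaration of `ourcopy`, so when rebasing this onto 2.01 confirm its size against MAX_KEYWORD (including any terminator written after the loop) rather than relying on the one-character change alone. The differing line numbers in `@@ -1074,7 +1121,7 @@` mean the backport needs only an offset adjustment, not a different fix.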