Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1625037 - (CVE-2018-16382) CVE-2018-16382 nasm: buffer over-read in x86/regflags.c allows for crash via crafted file
CVE-2018-16382 nasm: buffer over-read in x86/regflags.c allows for crash via ...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20180803,reported=2...
: Security
Depends On: 1625038 1625039
Blocks: 1625041
  Show dependency treegraph
 
Reported: 2018-09-03 23:35 EDT by Sam Fowler
Modified: 2018-09-06 00:55 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Sam Fowler 2018-09-03 23:35:25 EDT 
Netwide Assembler (NASM) through version 2.14rc15 has a buffer over-read in x86/regflags.c. An attacker could exploit this to cause a crash via a crafted file.


Upstream Bug:

https://bugzilla.nasm.us/show_bug.cgi?id=3392503
Comment 1 Sam Fowler 2018-09-03 23:35:53 EDT 
Created nasm tracking bugs for this issue:

Affects: fedora-all [bug 1625038]
Comment 3 Sam Fowler 2018-09-03 23:38:15 EDT 
Reproduces on F28 with nasm-2.13.03-1.fc28.x86_64:

# nasm CVE-2018-16382 2>&1 | ./asan_symbolizer.py 
nasm: warning: file name already has no extension: output will be in `nasm.out'
CVE-2018-16382:13: error: label or instruction expected at start of line
...[snip]...
CVE-2018-16382:36: error: parser: instruction expected
=================================================================
==21==ERROR: AddressSanitizer: global-buffer-overflow on address 0x562db193d8e8 at pc 0x562db18403ad bp 0x7fff611253e0 sp 0x7fff611253d0
READ of size 8 at 0x562db193d8e8 thread T0
    #0 0x562db18403ac in ?? /usr/src/debug/nasm-2.13.03-1.fc28.x86_64/asm/parser.c:891
    #1 0x562db1822bcd in ?? /usr/src/debug/nasm-2.13.03-1.fc28.x86_64/asm/nasm.c:1374
    #2 0x562db181dd1d in ?? /usr/src/debug/nasm-2.13.03-1.fc28.x86_64/asm/nasm.c:483
    #3 0x7fc6afd2c24a in __libc_start_main (/lib64/libc.so.6+0x2324a)
    #3 0x562db181f1b9 in ?? ??:0

0x562db193d8e8 is located 0 bytes to the right of global variable 'nasm_reg_flags' defined in 'x86/regflags.c:6:17' (0x562db193d160) of size 1928
SUMMARY: AddressSanitizer: global-buffer-overflow (/usr/bin/nasm+0x11a3ac)
Shadow bytes around the buggy address:
  0x0ac63631fac0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac63631fad0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac63631fae0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac63631faf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac63631fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0ac63631fb10: 00 00 00 00 00 00 00 00 00 00 00 00 00[f9]f9 f9
  0x0ac63631fb20: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac63631fb30: 00 00 00 00 03 f9 f9 f9 f9 f9 f9 f9 06 f9 f9 f9
  0x0ac63631fb40: f9 f9 f9 f9 00 04 f9 f9 f9 f9 f9 f9 00 00 00 00
  0x0ac63631fb50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0ac63631fb60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.