Bug 2210211 (CVE-2023-31722) - CVE-2023-31722 nasm: heap buffer overflow in expand_mmacro() asm/preproc.c
Summary: CVE-2023-31722 nasm: heap buffer overflow in expand_mmacro() asm/preproc.c
Keywords:
Status: NEW
Alias: CVE-2023-31722
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2210214 2210215 2210216
Blocks: 2208019
TreeView+ depends on / blocked
 
Reported: 2023-05-26 05:55 UTC by TEJ RATHI
Modified: 2023-07-07 08:30 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A heap-based buffer overflow issue was discovered in Nasm's expand_mmacro() function, in the asm/preproc.c file. This issue could allow an attacker to trick a user into opening a specially crafted file, triggering out-of-bounds read access, causing an application to halt or crash, leading to a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description TEJ RATHI 2023-05-26 05:55:38 UTC 
There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).

https://bugzilla.nasm.us/show_bug.cgi?id=3392857
Comment 1 TEJ RATHI 2023-05-26 06:17:59 UTC 
Created nasm tracking bugs for this issue:

Affects: fedora-all [bug 2210214]
Note You need to log in before you can comment on or make changes to this bug.