First Last Prev Next    This bug is not in your last search results.
Bug 1142604 - (CVE-2019-14248) VUL-1: CVE-2019-14248: nasm: NULL pointer dereference in asm/pragma.c leading to Segmentation fault
(CVE-2019-14248)
VUL-1: CVE-2019-14248: nasm: NULL pointer dereference in asm/pragma.c leading...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Current
Other Other
: P3 - Medium : Minor (vote)
: ---
Assigned To: Michael Vetter
E-mail List
https://smash.suse.de/issue/237916/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-07-24 09:09 UTC by Wolfgang Frisch
Modified: 2020-11-06 12:11 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
PoC (14 bytes, text/plain)
2019-07-24 09:12 UTC, Wolfgang Frisch 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Wolfgang Frisch 2019-07-24 09:09:08 UTC 
CVE-2019-14248

In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows a NULL pointer dereference in process_pragma, search_pragma_list, and nasm_set_limit when "%pragma limit" is mishandled.

Upstream Issue:

https://bugzilla.nasm.us/show_bug.cgi?id=3392576

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1732714
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14248
https://bugzilla.nasm.us/show_bug.cgi?id=3392576
Comment 1 Wolfgang Frisch 2019-07-24 09:12:20 UTC 
Created attachment 811411 [details]
PoC

nasm -felf64 nullderef_nasm-2.14.02_pragma_limit.asm
Comment 5 Michael Vetter 2020-11-06 12:11:41 UTC 
Tumbleweed is at 2.15.05 now and not affected anymore

$ nasm -felf64 nullderef_nasm-2.14.02_pragma_limit                                                                               
$ ls
  nullderef_nasm-2.14.02_pragma_limit  nullderef_nasm-2.14.o
First Last Prev Next    This bug is not in your last search results.