Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 227773 - dev-lang/nasm >2 ,<=2.02 ,off-by-one error (CVE-2008-2719)
Summary: dev-lang/nasm >2 ,<=2.02 ,off-by-one error (CVE-2008-2719)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: https://sourceforge.net/tracker/?func...
Whiteboard: ~? [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-06-17 09:22 UTC by Matthias Geerdsen (RETIRED)
Modified: 2008-06-17 09:36 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Geerdsen (RETIRED) gentoo-dev 2008-06-17 09:22:34 UTC 
CVE-2008-2719 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2719):
  Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler
  (NASM) 2.02 allows context-dependent attackers to cause a denial of service
  (crash) and possibly execute arbitrary code via a crafted file that triggers
  a stack-based buffer overflow.
Comment 1 Matthias Geerdsen (RETIRED) gentoo-dev 2008-06-17 09:36:39 UTC 
hm... 2.03 is in the tree already... closing
(leaving cc and whiteboard since I had already mostly filled it ;-)