686720 – (CVE-2019-8343) <dev-lang/nasm-2.16.01: use-after-free in paste_tokens in asm/preproc.c

Bug 686720 (CVE-2019-8343) - <dev-lang/nasm-2.16.01: use-after-free in paste_tokens in asm/preproc.c

Summary: <dev-lang/nasm-2.16.01: use-after-free in paste_tokens in asm/preproc.c

Status:	RESOLVED FIXED

Alias:	CVE-2019-8343

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Gentoo Security

URL:	https://bugzilla.nasm.us/show_bug.cgi...
Whiteboard:	A2 [glsa+]
Keywords:

Depends on:
Blocks:

Reported:	2019-05-25 07:52 UTC by D'juan McDonald (domhnall)
Modified:	2023-12-22 12:13 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description D'juan McDonald (domhnall) 2019-05-25 07:52:09 UTC

(https://nvd.nist.gov/vuln/detail/CVE-2019-8343):
In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c.


Gentoo Security Padawan
(domhnall)

Comment 1 Hans de Graaff gentoo-dev

2023-10-17 16:00:52 UTC

According to the upstream bug this should be fixed in nasm 2.16.01. Please clean up the vulnerable version 2.15.05.

Comment 2 Larry the Git Cow gentoo-dev

2023-10-22 14:34:40 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9d1d1dd861423b9661e29d048de111f7d5034738

commit 9d1d1dd861423b9661e29d048de111f7d5034738
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2023-10-22 14:33:38 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-10-22 14:34:35 +0000

    dev-lang/nasm: drop 2.15.05
    
    Bug: https://bugs.gentoo.org/686720
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 dev-lang/nasm/Manifest            |  1 -
 dev-lang/nasm/nasm-2.15.05.ebuild | 53 ---------------------------------------
 2 files changed, 54 deletions(-)

Comment 3 John Helmert III archtester

2023-10-23 04:21:56 UTC

> According to the upstream bug this should be fixed in nasm 2.16.01

But the bug is still open and there's no confirmation of a fix by the reporter, do we trust it?

Comment 4 Matthew Smith gentoo-dev

2023-10-25 07:47:00 UTC

The poc no longer triggers a use-after-free crash with asan, but none of the changes in the git log or release notes mention the upstream bug or CVE.

The history of preproc.c is quite exciting to read through: https://github.com/netwide-assembler/nasm/commits/master/asm/preproc.c

Comment 5 John Helmert III archtester

2023-10-28 21:47:56 UTC

> The history of preproc.c is quite exciting to read through

Gross :(

But I'll trust the determination of the maintainer here, then. Thanks!

Comment 6 Larry the Git Cow gentoo-dev

2023-12-22 12:11:59 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9f9ee310bf6c4ebf26d43ff75e027e27f23beb80

commit 9f9ee310bf6c4ebf26d43ff75e027e27f23beb80
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-12-22 12:11:31 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-12-22 12:11:54 +0000

    [ GLSA 202312-09 ] NASM: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/686720
    Bug: https://bugs.gentoo.org/903755
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202312-09.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)