Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 653862 (CVE-2018-10254)

Summary: <dev-lang/nasm-2.13.01: Stack-based buffer over read
Product: Gentoo Security Reporter: Francis Booth <boothf>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: slyfox
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://sourceforge.net/p/nasm/bugs/561/
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---

Description Francis Booth 2018-04-23 05:59:52 UTC 
Netwide Assembler (nasm) through version 2.13 is vulnerable to a stack-based
buffer over-read in the disasm/disasm.c:disasm() function. An attacker could
exploit this to cause a crash or other unspecified impact via a crafted ELF
file.

Reproducible: Always