| Summary: | dev-lang/nasm: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | CONFIRMED --- | | |
| Severity: | minor | CC: | kripton, matthew |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.nasm.us/show_bug.cgi?id=3392568 | | |
| Whiteboard: | B3 [upstream] | | |
| Package list: | | Runtime testing required: | --- |

Description
John Helmert III
2021-08-25 19:25:25 UTC
CVE-2021-45256 (https://bugzilla.nasm.us/show_bug.cgi?id=3392789):
A Null Pointer Dereference vulnerability exists in nasm 2.16rc0 via asm/preproc.c.

CVE-2021-45257 (https://bugzilla.nasm.us/show_bug.cgi?id=3392790):
An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.

Can't tell if there's been any action taken upstream as their Bugzilla seems to be down.

CVE-2021-33450 (https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d):
https://bugzilla.nasm.us/show_bug.cgi?id=3392758
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.

CVE-2021-33452 (https://gist.github.com/Clingto/bb632c0c463f4b2c97e4f65f751c5e6d):
https://bugzilla.nasm.us/show_bug.cgi?id=3392757
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.

CVE-2022-41420 (https://bugzilla.nasm.us/show_bug.cgi?id=3392810):
nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component.

CVE-2022-46456 (https://bugzilla.nasm.us/show_bug.cgi?id=3392814):
NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.

CVE-2022-46457 (https://bugzilla.nasm.us/show_bug.cgi?id=3392809):
NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.

The first one is untouched by upstream, the second was closed without any comment.

CVE-2022-44368 (https://bugzilla.nasm.us/show_bug.cgi?id=3392820):
NASM v2.16 was discovered to contain a null pointer dereference in the NASM component.

CVE-2022-44369 (https://bugzilla.nasm.us/show_bug.cgi?id=3392819):
NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.

CVE-2023-31722 (https://bugzilla.nasm.us/show_bug.cgi?id=3392857#c1):
There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).

CVE-2022-29654 (https://www.nasm.us/pub/nasm/releasebuilds/2.15.05/):
https://gist.github.com/naihsin/b96e2c5c2c81621b46557fd7aacd165f
Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.

No upstream report? A comment on the referenced gist claims this is a duplicate of CVE-2022-44370.

CVE-2023-38668 (https://bugzilla.nasm.us/show_bug.cgi?id=3392811):
Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).

CVE-2023-38667 (https://bugzilla.nasm.us/show_bug.cgi?id=3392812):
Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.

These untouched by upstream.

CVE-2023-38665 (https://bugzilla.nasm.us/show_bug.cgi?id=3392818):
Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).

This one has been closed without comment.