Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 918547 (CVE-2020-21685, CVE-2020-21686, CVE-2020-21687)

Summary: dev-lang/nasm: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal CC: matthew
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-25 18:31:13 UTC 
CVE-2020-21685 (https://bugzilla.nasm.us/show_bug.cgi?id=3392644):

Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.

CVE-2020-21687 (https://bugzilla.nasm.us/show_bug.cgi?id=3392645):

Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.

Upstream couldn't reproduce, so calling these invalid for now, I guess.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-11-25 18:31:43 UTC 
CVE-2020-21686 (https://bugzilla.nasm.us/show_bug.cgi?id=3392643):

A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.