Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 686722 (CVE-2019-6290, CVE-2019-6291) - dev-lang/nasm: multiple vulnerabilities
Summary: dev-lang/nasm: multiple vulnerabilities
Status: UNCONFIRMED
Alias: CVE-2019-6290, CVE-2019-6291
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A3 [upstream]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-05-25 08:05 UTC by D'juan McDonald (domhnall)
Modified: 2019-05-25 08:05 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description D'juan McDonald (domhnall) 2019-05-25 08:05:08 UTC
(https://nvd.nist.gov/vuln/detail/CVE-2019-6290):
An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.

Reference: https://bugzilla.nasm.us/show_bug.cgi?id=3392548


(https://nvd.nist.gov/vuln/detail/CVE-2019-6291):
An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.

Reference: https://bugzilla.nasm.us/show_bug.cgi?id=3392549

Gentoo Security Padawan
(domhnall)