Debian Bug report logs -
#932907
nasm: CVE-2019-14248: NULL-ptr dereference in limit pragma parser
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#932907; Package src:nasm.
(Wed, 24 Jul 2019 15:51:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Anibal Monsalve Salazar <anibal@debian.org>.
(Wed, 24 Jul 2019 15:51:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: nasm
Version: 2.14.02-1
Severity: important
Tags: security upstream
Forwarded: https://bugzilla.nasm.us/show_bug.cgi?id=3392576
Hi,
The following vulnerability was published for nasm.
CVE-2019-14248[0]:
| In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows
| a NULL pointer dereference in process_pragma, search_pragma_list, and
| nasm_set_limit when "%pragma limit" is mishandled.
$ ./nasm -felf64 ~/3392576
asm/nasm.c:199:14: runtime error: null pointer passed as argument 1, which is declared to never be null
AddressSanitizer:DEADLYSIGNAL
=================================================================
==6284==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f8b17ee3e18 bp 0x7ffca804f510 sp 0x7ffca804ec80 T0)
==6284==The signal is caused by a READ memory access.
==6284==Hint: address points to the zero page.
#0 0x7f8b17ee3e17 (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xd2e17)
#1 0x56376c9e1365 in nasm_set_limit asm/nasm.c:199
#2 0x56376c9f7ffe in search_pragma_list asm/pragma.c:137
#3 0x56376c9f8700 in search_pragma_list asm/pragma.c:119
#4 0x56376c9f8700 in process_pragma asm/pragma.c:218
#5 0x56376c9f4935 in process_directives asm/directiv.c:503
#6 0x56376c9e54be in assemble_file asm/nasm.c:1498
#7 0x56376c9dc58a in main asm/nasm.c:617
#8 0x7f8b1730e09a in __libc_start_main ../csu/libc-start.c:308
#9 0x56376c9de099 in _start (/build/nasm-2.14.02/nasm+0x29e099)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xd2e17)
==6284==ABORTING
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-14248
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14248
[1] https://bugzilla.nasm.us/show_bug.cgi?id=3392576
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Thu Jul 25 09:33:37 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon