https://bugzilla.redhat.com/show_bug.cgi?id=1668321
Bug ID: 1668321
Summary: CVE-2019-6291 nasm: Recursive calls in the function expr resulting in a denial of service
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190102,reported=20190115,source=cve,cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/nasm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, nickc(a)redhat.com
Target Milestone: ---
Classification: Other
An issue was discovered in the function expr6 in eval.c in Netwide Assembler
(NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6
function making recursive calls to itself in certain scenarios involving lots
of '!' or '+' or '-' characters. Remote attackers could leverage this
vulnerability to cause a denial-of-service via a crafted asm file.
Upstream Issue:
https://bugzilla.nasm.us/show_bug.cgi?id=3392549
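
The failure mode described above, reduced to a small added example (this is not NASM's code or its upstream fix): a recursive-descent parser for prefix operators that carries a depth counter and rejects over-deep input instead of exhausting the stack. The function names, return codes and the limit of 256 are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_UNARY_DEPTH 256   /* assumed limit, chosen for illustration */

/* Hypothetical mini-evaluator: prefix '!', '+', '-' followed by a decimal literal.
 * Returns 0 on success, -1 on syntax error, -2 when nesting exceeds the limit. */
static int eval_unary(const char **p, int depth, int64_t *out)
{
    if (depth > MAX_UNARY_DEPTH)
        return -2;                       /* refuse instead of recursing further */
    while (**p == ' ')
        (*p)++;
    char op = **p;
    if (op == '!' || op == '+' || op == '-') {
        int64_t v;
        (*p)++;
        /* One stack frame per operator: without the depth check above, a long
         * run of operators grows the stack until the process crashes. */
        int rc = eval_unary(p, depth + 1, &v);
        if (rc != 0)
            return rc;
        *out = (op == '!') ? !v : (op == '-') ? -v : v;
        return 0;
    }
    if (!isdigit((unsigned char)op))
        return -1;
    int64_t v = 0;
    for (; isdigit((unsigned char)**p); (*p)++) {
        if (v > (INT64_MAX - 9) / 10)
            return -1;                   /* literal too large for int64_t */
        v = v * 10 + (**p - '0');
    }
    *out = v;
    return 0;
}

int eval_expr(const char *s, int64_t *out) { return eval_unary(&s, 0, out); }

/* Constructed input: n copies of '-' followed by "1". Returns eval_expr's code. */
int eval_long_chain(size_t n, int64_t *out)
{
    char *buf = malloc(n + 2);
    if (!buf) return -1;
    memset(buf, '-', n);
    memcpy(buf + n, "1", 2);
    int rc = eval_expr(buf, out);
    free(buf);
    return rc;
}

int main(void) { int64_t r; printf("%d\n", eval_long_chain(1000000, &r)); return 0; }
```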