All errata/c9f2/ALT-PU-2024-16552-2
ALT-PU-2024-16552-2

Package update nasm in branch c9f2

Version2.16.03-alt1
Task#364127
Published2024-12-08
Max severityHIGH
Severity:

Closed issues (12)

BDU:2019-02930
LOW3.3

Уязвимость компонента libnasm.a ассемблера Netwide Assembler (NASM), позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-08-20Modified: 2021-03-23
CVSS 3.xLOW 3.3
CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P
References
BDU:2023-02141
HIGH7.8

Уязвимость функции quote_for_pmake() (asm/nasm.c) ассемблера Netwide Assembler (NASM), позволяющая нарушителю выполнить произвольный код

Published: 2023-04-20Modified: 2024-12-03
CVSS 3.xHIGH 7.8
CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2023-05881
MEDIUM5.5

Уязвимость функции quote_for_pmake (asm/nasm.c) ассемблера ассемблера Netwide Assembler (NASM), позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-09-20Modified: 2024-09-13
CVSS 3.xMEDIUM 5.5
CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
References
CVE-2019-20334
MEDIUM5.5

In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.

Published: 2020-01-04Modified: 2024-11-21
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References
CVE-2019-6290
MEDIUM5.5

An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.

Published: 2019-01-15Modified: 2024-11-21
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References
CVE-2019-6291
MEDIUM5.5

An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file.

Published: 2019-01-15Modified: 2024-11-21
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References
CVE-2022-29654
MEDIUM5.5

Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.

Published: 2023-08-22Modified: 2024-11-21
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References