NASM CVE-2019-7147 Buffer Overflow Vulnerability

Bugtraq ID:	106797
Class:	Boundary Condition Error
CVE:	CVE-2019-7147
Remote:	No
Local:	Yes
Published:	Jan 01 2019 12:00AM
Updated:	Jan 01 2019 12:00AM
Credit:	Cheng Wen
Vulnerable:	NASM NASM 2.15 NASM NASM 2.14rc16
Not Vulnerable:

NASM CVE-2019-7147 Buffer Overflow Vulnerability

NASM is prone to an off-by-one buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Exploiting this issue allows remote attackers to cause denial-of-service condition. Arbitrary code execution might be possible, but this is not confirmed.

NASM 2.15 version is vulnerable; other versions may also be vulnerable.

NASM CVE-2019-7147 Buffer Overflow Vulnerability

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

NASM CVE-2019-7147 Buffer Overflow Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

NASM CVE-2019-7147 Buffer Overflow Vulnerability

References:

• NASM Homepage (NASM)
  
• The Netwide Assembler (NASM)
  
• Bug 3392544 - Global-buffer-overflow problem in function crc64ib in crc64.c (Bugzilla)
  
• CVE-2019-7147 (Redhat)