oss-sec mailing list archives

Re: CVE id request: nasm off-by-one

From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 16 Jun 2008 18:06:18 -0400 (EDT)


======================================================
Name: CVE-2008-2719
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2719
Reference: CONFIRM:http://repo.or.cz/w/nasm.git?a=commit;h=76ec8e73db16f4cf1453a142d03bcc74d528f72f
Reference: CONFIRM:https://sourceforge.net/tracker/?func=detail&atid=106208&aid=1942146&group_id=6208
Reference: MLIST:[oss-security] 20080611 CVE id request: nasm off-by-one
Reference: URL:http://www.openwall.com/lists/oss-security/2008/06/11/4
Reference: FRSIRT:ADV-2008-1811
Reference: URL:http://www.frsirt.com/english/advisories/2008/1811

Off-by-one error in the ppscan function (preproc.c) in Netwide
Assembler (NASM) 2.02 allows context-dependent attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
crafted file that triggers a stack-based buffer overflow.

Current thread:

CVE id request: nasm off-by-one Nico Golde (Jun 11)
- Re: CVE id request: nasm off-by-one Eren Türkay (Jun 11)
  - Re: CVE id request: nasm off-by-one Marcus Meissner (Jun 12)
- Re: CVE id request: nasm off-by-one Steven M. Christey (Jun 16)