[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE id request: nasm off-by-one
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2008-06-16 22:06:18
Message-ID: Pine.GSO.4.51.0806161806091.16840 () faron ! mitre ! org
[Download RAW message or body]


======================================================
Name: CVE-2008-2719
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2719
Reference: CONFIRM:http://repo.or.cz/w/nasm.git?a=commit;h=76ec8e73db16f4cf1453a142d03bcc74d528f72f
Reference: CONFIRM:https://sourceforge.net/tracker/?func=detail&atid=106208&aid=1942146&group_id=6208
Reference: MLIST:[oss-security] 20080611 CVE id request: nasm off-by-one
Reference: URL:http://www.openwall.com/lists/oss-security/2008/06/11/4
Reference: FRSIRT:ADV-2008-1811
Reference: URL:http://www.frsirt.com/english/advisories/2008/1811

Off-by-one error in the ppscan function (preproc.c) in Netwide
Assembler (NASM) 2.02 allows context-dependent attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
crafted file that triggers a stack-based buffer overflow.


[prev in list] [next in list] [prev in thread] [next in thread]