GLSA-200412-20 : NASM: Buffer overflow vulnerability
Medium Nessus Plugin ID 16010
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200412-20 (NASM: Buffer overflow vulnerability)
Jonathan Rockway discovered that NASM-0.98.38 has an unprotected vsprintf() to an array in preproc.c. This code vulnerability may lead to a buffer overflow and potential execution of arbitrary code.
A remote attacker could craft a malicious object file which, when supplied in NASM, would result in the execution of arbitrary code with the rights of the user running NASM.
There is no known workaround at this time.
SolutionAll NASM users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/nasm-0.98.38-r1'