Submission #623189: nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption

Title: nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption
Description:

# NASM Stack Buffer Overflow Vulnerability in parse_line Function

## Vulnerability Summary

A high-severity stack buffer overflow vulnerability has been discovered in the NASM (Netwide Assembler) parser module. The vulnerability occurs in the `parse_line` function within `parser.c` at line 1296, where the program reads beyond the bounds of a stack-allocated buffer.

## Technical Details

- **Vulnerability Type**: Stack Buffer Overflow
- **Affected Function**: `parse_line`
- **Source File**: `parser.c`
- **Line Number**: 1296
- **Signal**: SIGABRT (6)

## Vulnerability Mechanism and Root Cause

This stack buffer overflow is caused by insufficient bounds checking when parsing assembly language constructs. The root issue lies in the `parse_line` function, where stack-allocated parsing buffers are accessed beyond their boundaries. The vulnerability occurs when:

1. The `parse_line` function processes assembly language lines with unexpected formatting or content
2. Stack-allocated buffers used for tokenization and parsing are not properly bounds-checked
3. Malformed input causes an 8-byte READ beyond the end of the allocated stack buffer
4. This reads from adjacent stack memory, potentially exposing sensitive data or causing crashes
5. The buffer overflow can lead to stack corruption and unpredictable program behavior

The vulnerability is triggered by malformed assembly syntax that causes the parsing logic to miscalculate buffer requirements or access patterns.

## AddressSanitizer Report

```
=================================================================
==4063270==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f38b18000a8 at pc 0x559c5bcbe766 bp 0x7fff727f8770 sp 0x7fff727f8768
READ of size 8 at 0x7f38b18000a8 thread T0
    #0 0x559c5bcbe765 in parse_line /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/parser.c:1296:29
    #1 0x559c5bc520fe in assemble_file /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/nasm.c:1747:13
    #2 0x559c5bc520fe in main /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/nasm.c:716:9
    #3 0x7f38b3298d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #4 0x7f38b3298e3f in __libc_start_main csu/../csu/libc-start.c:392:3
    #5 0x559c5bb817b4 in _start (/workspace/benchmark/tmp/old-fuzzdir/fz-nasm/fz-nasm/nasm+0x1ed7b4) (BuildId: 2a14aa05a80be476)

Address 0x7f38b18000a8 is located in stack of thread T0 at offset 168 in frame
    #0 0x559c5bc4ea7f in main /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/nasm.c:518

  This frame has 5 object(s):
    [32, 40) 'list.addr.i' (line 420)
    [64, 160) 'dummy.i.i' (line 1617) <== Memory access at offset 168 overflows this variable
    [192, 656) 'output_ins.i' (line 1645)
    [720, 728) 'len.i264' (line 456)
    [752, 880) 'temp.i.i' (line 301)
SUMMARY: AddressSanitizer: stack-buffer-overflow /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/parser.c:1296:29 in parse_line
```

## Proof of Concept

The vulnerability can be triggered by processing the malformed assembly file provided as `POC_nasm_stack_buffer_overflow_parse_line`. This file contains specific assembly syntax that causes the stack buffer overflow condition.

**POC Download**: [Google Drive Link - POC_nasm_stack_buffer_overflow_parse_line](https://drive.google.com/file/d/1MQGtdnz58vRF2fAeJMJ4VGiBQWXpnqfy/view?usp=drive_link)

## Reproduction Steps

1. Compile NASM with AddressSanitizer enabled
2. Execute: `nasm -f elf64 POC_nasm_stack_buffer_overflow_parse_line`
3. The program will crash with a stack-buffer-overflow error

## Affected Versions

NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab)

**Credit**

- Xudong Cao (UCAS)
- Yuqing Zhang (UCAS, Zhongguancun Laboratory)
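Triage helper for the report above, added here as an example (it is not part of the submission or of NASM): it parses an AddressSanitizer stack-buffer-overflow report and derives the faulting frame and how far past the nearest stack object the access landed, which for this report is 8 bytes beyond `dummy.i.i`. The report text is copied from the submission and trimmed to the lines the parser needs.

```python
import re

# Sample input: the ASan report from the submission above, trimmed.
ASAN_REPORT = """\
==4063270==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f38b18000a8 at pc 0x559c5bcbe766 bp 0x7fff727f8770 sp 0x7fff727f8768
READ of size 8 at 0x7f38b18000a8 thread T0
    #0 0x559c5bcbe765 in parse_line /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/parser.c:1296:29
Address 0x7f38b18000a8 is located in stack of thread T0 at offset 168 in frame
    #0 0x559c5bc4ea7f in main /workspace/benchmark/program/nasm-888d9ab-Nov5-2024/asm/nasm.c:518
  This frame has 5 object(s):
    [32, 40) 'list.addr.i' (line 420)
    [64, 160) 'dummy.i.i' (line 1617) <== Memory access at offset 168 overflows this variable
    [192, 656) 'output_ins.i' (line 1645)
    [720, 728) 'len.i264' (line 456)
    [752, 880) 'temp.i.i' (line 301)
"""

_ERR = re.compile(r"ERROR: AddressSanitizer: (\S+) on address 0x([0-9a-f]+)")
_ACCESS = re.compile(r"^(READ|WRITE) of size (\d+) at 0x[0-9a-f]+ thread (T\d+)", re.M)
_FRAME = re.compile(r"^\s*#0 0x[0-9a-f]+ in (\S+) (\S+?):(\d+)(?::\d+)?$", re.M)
_OFFSET = re.compile(r"at offset (\d+) in frame")
_OBJ = re.compile(r"^\s*\[(\d+), (\d+)\) '([^']+)' \(line (\d+)\)", re.M)


def triage(report):
    """Reduce a stack-buffer-overflow report to the fields a triager files on:
    access kind/size, faulting function and file:line, overrun object and distance."""
    kind, addr = _ERR.search(report).groups()
    op, size, thread = _ACCESS.search(report).groups()
    func, path, line = _FRAME.search(report).groups()  # first #0 is the faulting frame
    offset = int(_OFFSET.search(report).group(1))
    objs = [(int(lo), int(hi), name, int(src)) for lo, hi, name, src in _OBJ.findall(report)]
    # The overrun object is the one whose end is closest at or below the faulting
    # offset; the gap is how far into ASan's redzone the access landed.
    before = [o for o in objs if o[1] <= offset]
    if not before:
        raise ValueError("offset %d precedes every frame object (underflow?)" % offset)
    lo, hi, name, src = max(before, key=lambda o: o[1])
    return {
        "bug": kind, "address": int(addr, 16), "access": op, "size": int(size),
        "thread": thread, "function": func, "file": path.rsplit("/", 1)[-1],
        "line": int(line), "object": name, "object_line": src,
        "bytes_past_end": offset - hi,
    }


if __name__ == "__main__":
    t = triage(ASAN_REPORT)
    print("%(bug)s: %(access)s of %(size)d bytes in %(function)s (%(file)s:%(line)d), "
          "%(bytes_past_end)d bytes past the end of '%(object)s'" % t)
```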
Source: https://bugzilla.nasm.us/show_bug.cgi?id=3392938
User: xdcao (UID 88377)
Submission: 26/07/2025 09:12 (9 months ago)
Moderation: 10/08/2025 17:57 (15 days later)
Status: Accepted
VulDB Entry: 319380 [NASM Netwide Assembler 2.17rc0 parser.c parse_line Buffer Overflow]
Points: 17
