OESA-2021-1022

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1022

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2021-1022.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2021-1022

Upstream

CVE-2019-20352

CVE-2020-24241

Published

2021-02-04T11:02:35Z

Modified

2025-08-12T05:04:36.658608Z

Summary

nasm security update

Details

NASM is the Netwide Assembler, a free portable assembler for the Intel 80x86 microprocessor series, using primarily the traditional Intel instruction mnemonics and syntax. It also provides tools in RDOFF binary format, includes linker, library manager, loader, and information dump.\r\n\r\n Security Fix(es):\r\n\r\n In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in settextfree when called from expandonesmacro in asm/preproc.c.(CVE-2019-20352)\r\n\r\n In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.(CVE-2020-24241)\r\n\r\n

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS / nasm

Package

Name: nasm
Purl: pkg:rpm/openEuler/nasm&distro=openEuler-20.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.15.03-2.oe1

Ecosystem specific

{
    "src": [
        "nasm-2.15.03-2.oe1.src.rpm",
        "nasm-2.15.03-2.oe1.src.rpm"
    ],
    "x86_64": [
        "nasm-2.15.03-2.oe1.x86_64.rpm",
        "nasm-debuginfo-2.15.03-2.oe1.x86_64.rpm",
        "nasm-debugsource-2.15.03-2.oe1.x86_64.rpm",
        "nasm-2.15.03-2.oe1.x86_64.rpm",
        "nasm-debuginfo-2.15.03-2.oe1.x86_64.rpm",
        "nasm-debugsource-2.15.03-2.oe1.x86_64.rpm"
    ],
    "noarch": [
        "nasm-help-2.15.03-2.oe1.noarch.rpm",
        "nasm-help-2.15.03-2.oe1.noarch.rpm"
    ],
    "aarch64": [
        "nasm-2.15.03-2.oe1.aarch64.rpm",
        "nasm-debuginfo-2.15.03-2.oe1.aarch64.rpm",
        "nasm-debugsource-2.15.03-2.oe1.aarch64.rpm",
        "nasm-2.15.03-2.oe1.aarch64.rpm",
        "nasm-debuginfo-2.15.03-2.oe1.aarch64.rpm",
        "nasm-debugsource-2.15.03-2.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP1 / nasm

Package

Name: nasm
Purl: pkg:rpm/openEuler/nasm&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.15.03-2.oe1

Ecosystem specific

{
    "src": [
        "nasm-2.15.03-2.oe1.src.rpm"
    ],
    "x86_64": [
        "nasm-2.15.03-2.oe1.x86_64.rpm",
        "nasm-debuginfo-2.15.03-2.oe1.x86_64.rpm",
        "nasm-debugsource-2.15.03-2.oe1.x86_64.rpm"
    ],
    "noarch": [
        "nasm-help-2.15.03-2.oe1.noarch.rpm"
    ],
    "aarch64": [
        "nasm-2.15.03-2.oe1.aarch64.rpm",
        "nasm-debuginfo-2.15.03-2.oe1.aarch64.rpm",
        "nasm-debugsource-2.15.03-2.oe1.aarch64.rpm"
    ]
}