{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"nasm security update", "category":"general", "title":"Synopsis" }, { "text":"An update for nasm is now available for openEuler-20.03-LTS-SP4", "category":"general", "title":"Summary" }, { "text":"NASM is the Netwide Assembler, a free portable assembler for the Intel 80x86 microprocessor series, using primarily the traditional Intel instruction mnemonics and syntax. It also provides tools in RDOFF binary format, includes linker, library manager, loader, and information dump.\n\nSecurity Fix(es):\n\nBuffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.(CVE-2020-21685)\n\nA stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.(CVE-2020-21686)\n\nBuffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.(CVE-2020-21687)", "category":"general", "title":"Description" }, { "text":"An update for nasm is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"nasm", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2024-1814", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1814" }, { "summary":"CVE-2020-21685", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2020-21685&packageName=nasm" }, { "summary":"CVE-2020-21686", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2020-21686&packageName=nasm" }, { "summary":"CVE-2020-21687", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2020-21687&packageName=nasm" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2020-21685" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2020-21686" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2020-21687" }, { "summary":"openEuler-SA-2024-1814 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2024/csaf-openeuler-sa-2024-1814.json" } ], "title":"An update for nasm is now available for openEuler-20.03-LTS-SP4", "tracking":{ "initial_release_date":"2024-07-05T09:21:33+08:00", "revision_history":[ { "date":"2024-07-05T09:21:33+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-10-31T09:21:33+08:00", "summary":"final", "number":"2.0.0" } ], "generator":{ "date":"2024-10-31T09:21:33+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-10-31T09:21:33+08:00", "id":"openEuler-SA-2024-1814", "version":"2.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openEuler-20.03-LTS-SP4", "name":"openEuler-20.03-LTS-SP4" }, "name":"openEuler-20.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"nasm-2.15.05-1.oe2003sp4.aarch64.rpm", "name":"nasm-2.15.05-1.oe2003sp4.aarch64.rpm" }, "name":"nasm-2.15.05-1.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64.rpm", "name":"nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64.rpm" }, "name":"nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"nasm-debugsource-2.15.05-1.oe2003sp4.aarch64.rpm", "name":"nasm-debugsource-2.15.05-1.oe2003sp4.aarch64.rpm" }, "name":"nasm-debugsource-2.15.05-1.oe2003sp4.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"nasm-2.15.05-1.oe2003sp4.src.rpm", "name":"nasm-2.15.05-1.oe2003sp4.src.rpm" }, "name":"nasm-2.15.05-1.oe2003sp4.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"nasm-2.15.05-1.oe2003sp4.x86_64.rpm", "name":"nasm-2.15.05-1.oe2003sp4.x86_64.rpm" }, "name":"nasm-2.15.05-1.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64.rpm", "name":"nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64.rpm" }, "name":"nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"nasm-debugsource-2.15.05-1.oe2003sp4.x86_64.rpm", "name":"nasm-debugsource-2.15.05-1.oe2003sp4.x86_64.rpm" }, "name":"nasm-debugsource-2.15.05-1.oe2003sp4.x86_64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"nasm-help-2.15.05-1.oe2003sp4.noarch.rpm", "name":"nasm-help-2.15.05-1.oe2003sp4.noarch.rpm" }, "name":"nasm-help-2.15.05-1.oe2003sp4.noarch.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"nasm-2.15.05-1.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.aarch64", "name":"nasm-2.15.05-1.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64", "name":"nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"nasm-debugsource-2.15.05-1.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.aarch64", "name":"nasm-debugsource-2.15.05-1.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"nasm-2.15.05-1.oe2003sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.src", "name":"nasm-2.15.05-1.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"nasm-2.15.05-1.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.x86_64", "name":"nasm-2.15.05-1.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64", "name":"nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"nasm-debugsource-2.15.05-1.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.x86_64", "name":"nasm-debugsource-2.15.05-1.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"nasm-help-2.15.05-1.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:nasm-help-2.15.05-1.oe2003sp4.noarch", "name":"nasm-help-2.15.05-1.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2020-21685", "notes":[ { "text":"Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.src", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-help-2.15.05-1.oe2003sp4.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.src", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-help-2.15.05-1.oe2003sp4.noarch" ], "details":"nasm security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1814" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.src", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-help-2.15.05-1.oe2003sp4.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2020-21685" }, { "cve":"CVE-2020-21686", "notes":[ { "text":"A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.src", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-help-2.15.05-1.oe2003sp4.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.src", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-help-2.15.05-1.oe2003sp4.noarch" ], "details":"nasm security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1814" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.src", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-help-2.15.05-1.oe2003sp4.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2020-21686" }, { "cve":"CVE-2020-21687", "notes":[ { "text":"Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.src", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-help-2.15.05-1.oe2003sp4.noarch" ] }, "remediations":[ { "product_ids":[ "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.src", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-help-2.15.05-1.oe2003sp4.noarch" ], "details":"nasm security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1814" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.5, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.src", "openEuler-20.03-LTS-SP4:nasm-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-debugsource-2.15.05-1.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:nasm-help-2.15.05-1.oe2003sp4.noarch" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2020-21687" } ] }