An update for nasm is now available for openEuler-20.03-LTS-SP4

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2024-1814
Final 1.0 1.0 2024-07-05 Initial 2024-07-05 2024-07-05 openEuler SA Tool V1.0 2024-07-05

nasm security update

NASM is the Netwide Assembler, a free portable assembler for the Intel 80x86 microprocessor series, using primarily the traditional Intel instruction mnemonics and syntax. It also provides tools for the RDOFF binary format, including a linker, library manager, loader, and information dump.

Security Fix(es):

Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. (CVE-2020-21685)

A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file. (CVE-2020-21686)

Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. (CVE-2020-21687)

An update for nasm is now available for openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Medium
nasm

https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1814
https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2020-21685
https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2020-21686
https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2020-21687
https://nvd.nist.gov/vuln/detail/CVE-2020-21685
https://nvd.nist.gov/vuln/detail/CVE-2020-21686
https://nvd.nist.gov/vuln/detail/CVE-2020-21687

openEuler-20.03-LTS-SP4
nasm-2.15.05-1.oe2003sp4.aarch64.rpm
nasm-debuginfo-2.15.05-1.oe2003sp4.aarch64.rpm
nasm-debugsource-2.15.05-1.oe2003sp4.aarch64.rpm
nasm-2.15.05-1.oe2003sp4.src.rpm
nasm-2.15.05-1.oe2003sp4.x86_64.rpm
nasm-debuginfo-2.15.05-1.oe2003sp4.x86_64.rpm
nasm-debugsource-2.15.05-1.oe2003sp4.x86_64.rpm
nasm-help-2.15.05-1.oe2003sp4.noarch.rpm

Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
2024-07-05
CVE-2020-21685
openEuler-20.03-LTS-SP4
Medium
5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nasm security update
2024-07-05
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1814

A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.
2024-07-05
CVE-2020-21686
openEuler-20.03-LTS-SP4
Medium
5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nasm security update
2024-07-05
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1814

Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
2024-07-05
CVE-2020-21687
openEuler-20.03-LTS-SP4
Medium
5.5
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nasm security update
2024-07-05
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1814