Bug#1016353: yasm: CVE-2021-33464

To: Moritz Mühlenhoff <jmm@inutil.org>, 1016353@bugs.debian.org
Subject: Bug#1016353: yasm: CVE-2021-33464
From: Petter Reinholdtsen <pere@hungry.com>
Date: Wed, 30 Apr 2025 07:58:33 +0200
Message-id: <[🔎] aBG8CYv4lB3BjSvV@hjemme.reinholdtsen.name>
Reply-to: Petter Reinholdtsen <pere@hungry.com>, 1016353@bugs.debian.org
In-reply-to: <YuRPoivOQBYkd3O6@pisco.westfalen.local>
References: <YuRPoivOQBYkd3O6@pisco.westfalen.local> <YuRPoivOQBYkd3O6@pisco.westfalen.local>

Control: tags -1 + patch pending

I believe the following patch, also passed upstream, will solve the
issue:

Description: Handle file descriptors with nonexisting env names better.
 Avoid writing past allocated memory.
 This fixes CVE-2021-33464.
Author: Petter Reinholdtsen <pere@debian.org>
Bug: https://github.com/yasm/yasm/issues/164
Bug-Debian: https://bugs.debian.org/1016353
Forwarded: https://github.com/yasm/yasm/issues/164
Last-Update: 2025-04-30
---
--- yasm-1.3.0.orig/modules/preprocs/nasm/nasm-pp.c
+++ yasm-1.3.0/modules/preprocs/nasm/nasm-pp.c
@@ -1815,7 +1815,7 @@ inc_fopen(char *file, char **newname)
             error(ERR_WARNING, "environment variable `%s' does not exist",
                   p1+1);
             *p2 = '%';
-            p1 = p2+1;
+            pb = p1 = p2+1;
             continue;
         }
         /* need to expand */

-- 
Happy hacking
Petter Reinholdtsen

Reply to:

Prev by Date: Bug#1035951: yasm: CVE-2023-29579
Next by Date: Processed: Re: yasm: CVE-2023-29579
Previous by thread: Processed: Re: yasm: CVE-2023-29579
Next by thread: Processed: Re: yasm: CVE-2021-33464
Index(es):
- Date
- Thread