EUVD-2026-21378
GHSA-6h49-94j7-p577
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Description
A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.
Analysis
Heap buffer overflow in Netwide Assembler (NASM) 3.02rc5 obj_directive() function enables arbitrary code execution and denial of service when processing maliciously crafted .asm files. Missing bounds validation allows attackers to corrupt heap memory through specially constructed assembly source files. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running NASM 3.02rc5 and restrict access to NASM assembly processing to trusted inputs only; disable automated processing of external .asm files pending remediation. Within 7 days: Implement network segmentation isolating build systems running NASM from production environments and sensitive networks; document all assembly file sources and validate against a whitelist. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today