Skip to main content

Nasm CVE-2026-6068

| EUVDEUVD-2026-21380 CRITICAL
Use After Free (CWE-416)
2026-04-10 certcc
Critical
Disputed · 9.6 NVD
Share

Severity by source

Sources disagree (Medium–Critical)
NVD PRIMARY
9.6 CRITICAL
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
SUSE
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Red Hat
6.8 MEDIUM
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
May 26, 2026 - 20:07 vuln.today
cvss_changed
Severity Changed
May 26, 2026 - 20:07 NVD
MEDIUM CRITICAL
CVSS changed
May 26, 2026 - 20:07 NVD
6.5 (MEDIUM) 9.6 (CRITICAL)
EUVD ID Assigned
Apr 10, 2026 - 13:45 euvd
EUVD-2026-21380
Analysis Generated
Apr 10, 2026 - 13:45 vuln.today
CVE Published
Apr 10, 2026 - 13:30 nvd
MEDIUM 6.5

DescriptionCVE.org

NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or unexpected behavior.

AnalysisAI

NASM up to version 3.02rc5 contains a heap use-after-free vulnerability in response file (-@) processing that allows remote attackers without authentication to cause data corruption or denial of service. The vulnerability arises from a dangling pointer stored in the global depend_file variable that is dereferenced after the response-file buffer has been freed. A proof-of-concept exploit exists, and CISA's SSVC framework rates this as automatable with partial technical impact, indicating moderate real-world risk despite the relatively modest CVSS score of 6.5.

Technical ContextAI

NASM (Netwide Assembler) is an open-source x86 assembler that supports response files (invoked via the -@ flag) to read command-line arguments from a file. The vulnerability is rooted in improper memory management during response-file processing: a pointer to the response-file buffer is assigned to the global depend_file variable, but the buffer is deallocated before the pointer is subsequently dereferenced. This is a classic heap use-after-free flaw (CWE-416 category), where freed memory is accessed after deallocation, potentially allowing an attacker to read adjacent heap data or corrupt heap metadata. The affected product spans all versions of NASM, with confirmed vulnerable releases including 3.02rc5. The network attack vector (AV:N) and absence of privilege or user interaction requirements (PR:N, UI:N) mean that a malicious response file can be supplied remotely to trigger the flaw.

RemediationAI

Upgrade to a patched release of NASM released after the 3.02rc5 release candidate. Check the official NASM GitHub repository (https://github.com/netwide-assembler/nasm) for the latest stable release that addresses the heap use-after-free flaw in response-file processing. If an immediate upgrade is not feasible, avoid processing response files (-@) from untrusted sources, and audit build pipelines to ensure that NASM response files are generated only by trusted tooling. The vulnerability details are documented in the NVD advisory (https://nvd.nist.gov/vuln/detail/CVE-2026-6068) and the upstream issue tracker (https://github.com/netwide-assembler/nasm/issues/222), which may contain information on the exact fix commit or patched version once released.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Development Tools 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

CVE-2026-6068 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy