Is Nasm affected by EUVD-2026-21378?

Netwide Assembler (NASM) 3.02rc5 contains a heap buffer overflow vulnerability that allows arbitrary code execution when processing malicious assembly files, posing significant risk to development teams and automated build pipelines that handle external or untrusted source code.

EUVD-2026-21378

| CVE-2026-6067 HIGH

2026-04-10 certcc

GHSA-6h49-94j7-p577

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Apr 10, 2026 - 13:45 vuln.today

EUVD ID Assigned

Apr 10, 2026 - 13:45 euvd

EUVD-2026-21378

CVE Published

Apr 10, 2026 - 13:30 nvd

HIGH 7.5

Description

A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.

Analysis

Heap buffer overflow in Netwide Assembler (NASM) 3.02rc5 obj_directive() function enables arbitrary code execution and denial of service when processing maliciously crafted .asm files. Missing bounds validation allows attackers to corrupt heap memory through specially constructed assembly source files. …

Remediation

Within 24 hours: Identify all systems running NASM 3.02rc5 and restrict access to NASM assembly processing to trusted inputs only; disable automated processing of external .asm files pending remediation. Within 7 days: Implement network segmentation isolating build systems running NASM from production environments and sensitive networks; document all assembly file sources and validate against a whitelist. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +38

POC: 0

EUVD-2026-21378 vulnerability details – vuln.today

Back

EUVD-2026-21378

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-21378

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code