Skip to main content

Red Hat EUVDEUVD-2026-21382

| CVE-2026-6069 HIGH
Out-of-bounds Write (CWE-787)
2026-04-10 certcc
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative
Red Hat
9.4 HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Re-analysis Queued
Apr 16, 2026 - 19:52 vuln.today
cvss_changed
EUVD ID Assigned
Apr 10, 2026 - 13:45 euvd
EUVD-2026-21382
Analysis Generated
Apr 10, 2026 - 13:45 vuln.today
CVE Published
Apr 10, 2026 - 13:30 nvd
HIGH 7.5

DescriptionCVE.org

NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when slen exceeds the buffer capacity.

AnalysisAI

Stack-based buffer overflow in NASM's disasm() function enables unauthenticated denial-of-service when processing malicious assembly input. Attacker-controlled disassembly formatting triggers out-of-bounds write when string length exceeds buffer capacity, causing application crash. Affects NASM assembler version 3.02rc5. Publicly available exploit code exists. CVSS 7.5 (High) reflects network-accessible attack vector requiring no privileges or user interaction, with availability impact only.

Technical ContextAI

Buffer overflow occurs in disasm() during disassembly output formatting when slen parameter exceeds allocated stack buffer size. Stack-based memory corruption allows attacker-controlled write beyond buffer boundaries. CVSS vector AV:N/AC:L/PR:N indicates remotely triggerable without authentication. No confidentiality or integrity impact (C:N/I:N), availability destruction only (A:H). SSVC confirms proof-of-concept availability and automatable exploitation with partial technical impact.

RemediationAI

Upstream fix available (PR/commit); released patched version not independently confirmed. Monitor vendor repository at https://github.com/netwide-assembler/nasm/issues/217 for definitive patch release addressing buffer overflow in disasm() function. Until patched version confirmed, avoid processing untrusted assembly input with disassembly functionality. Implement input validation limiting slen to safe buffer boundaries. Deploy network-level controls restricting NASM exposure to untrusted sources given unauthenticated remote attack vector. For production environments, defer NASM upgrade to stable release post-3.02rc5 incorporating buffer overflow remediation. Consult NVD advisory https://nvd.nist.gov/vuln/detail/CVE-2026-6069 for vendor updates. Given proof-of-concept code exists, prioritize patch deployment upon availability to mitigate denial-of-service risk.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Development Tools 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed
SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed

Share

EUVD-2026-21382 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy