Medium severity5.5NVD Advisory· Published Apr 10, 2026· Updated Apr 23, 2026

CVE-2026-6067

Description

A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.

Affected products

Nasm/Netwide Assembler
cpe:2.3:a:nasm:netwide_assembler:3.02:rc5:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/netwide-assembler/nasm/issues/203nvdExploitIssue Tracking

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000