NASM

Source repositories

https://github.com/netwide-assembler/nasm

CVEs (21)

CVE	Vendor / Product	Sev	Risk	CVSS	Published	Description
CVE-2026-6069	Nasm Netwide Assembler	Hig	0.49	7.5	Apr 10, 2026	NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.
CVE-2026-6068	Nasm Netwide Assembler	Med	0.42	6.5	Apr 10, 2026	NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or remote code execution.
CVE-2026-6067	Nasm Netwide Assembler	Med	0.36	5.5	Apr 10, 2026	A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.
CVE-2025-8846	Nasm Netwide Assembler	Med	0.34	5.3	Aug 11, 2025	A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2025-8843	Nasm Netwide Assembler	Med	0.34	5.3	Aug 11, 2025	A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVE-2025-8842	Nasm Netwide Assembler	Med	0.34	5.3	Aug 11, 2025	A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2022-29654	Nasm NASM		0.00	—	Aug 22, 2023	Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.
CVE-2023-38668	Nasm NASM		0.00	—	Aug 22, 2023	Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).
CVE-2020-21686	Nasm NASM		0.00	—	Aug 22, 2023	A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.
CVE-2020-21687	Nasm NASM		0.00	—	Aug 22, 2023	Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
CVE-2020-18780	Nasm NASM		0.00	—	Aug 22, 2023	A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.
CVE-2023-38667	Nasm NASM		0.00	—	Aug 22, 2023	Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.
CVE-2023-38665	Nasm NASM		0.00	—	Aug 22, 2023	Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).
CVE-2020-21685	Nasm NASM		0.00	—	Aug 22, 2023	Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
CVE-2023-31722	Nasm NASM		0.00	—	May 17, 2023	There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).
CVE-2022-44370	Nasm NASM		0.00	—	Mar 29, 2023	NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856
CVE-2022-46457	Nasm NASM		0.00	—	Jan 4, 2023	NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.
CVE-2022-46456	Nasm NASM		0.00	—	Jan 4, 2023	NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
CVE-2022-41420	Nasm NASM		0.00	—	Oct 3, 2022	nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component
CVE-2021-33452	Nasm NASM		0.00	—	Jul 26, 2022	An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.

CVE-2026-6069HigApr 10, 2026
Nasm
Netwide Assembler
risk 0.49cvss 7.5epss 0.00
NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.
CVE-2026-6068MedApr 10, 2026
Nasm
Netwide Assembler
risk 0.42cvss 6.5epss 0.00
NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or remote code execution.
CVE-2026-6067MedApr 10, 2026
Nasm
Netwide Assembler
risk 0.36cvss 5.5epss 0.00
A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.
CVE-2025-8846MedAug 11, 2025
Nasm
Netwide Assembler
risk 0.34cvss 5.3epss 0.00
A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2025-8843MedAug 11, 2025
Nasm
Netwide Assembler
risk 0.34cvss 5.3epss 0.00
A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVE-2025-8842MedAug 11, 2025
Nasm
Netwide Assembler
risk 0.34cvss 5.3epss 0.00
A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
CVE-2022-29654Aug 22, 2023
Nasm
NASM
risk 0.00cvss —epss 0.00
Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.
CVE-2023-38668Aug 22, 2023
Nasm
NASM
risk 0.00cvss —epss 0.00
Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).
CVE-2020-21686Aug 22, 2023
Nasm
NASM
risk 0.00cvss —epss 0.00
A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.
CVE-2020-21687Aug 22, 2023
Nasm
NASM
risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
CVE-2020-18780Aug 22, 2023
Nasm
NASM
risk 0.00cvss —epss 0.00
A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.
CVE-2023-38667Aug 22, 2023
Nasm
NASM
risk 0.00cvss —epss 0.00
Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.
CVE-2023-38665Aug 22, 2023
Nasm
NASM
risk 0.00cvss —epss 0.00
Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).
CVE-2020-21685Aug 22, 2023
Nasm
NASM
risk 0.00cvss —epss 0.00
Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.
CVE-2023-31722May 17, 2023
Nasm
NASM
risk 0.00cvss —epss 0.00
There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).
CVE-2022-44370Mar 29, 2023
Nasm
NASM
risk 0.00cvss —epss 0.00
NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856
CVE-2022-46457Jan 4, 2023
Nasm
NASM
risk 0.00cvss —epss 0.00
NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.
CVE-2022-46456Jan 4, 2023
Nasm
NASM
risk 0.00cvss —epss 0.00
NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
CVE-2022-41420Oct 3, 2022
Nasm
NASM
risk 0.00cvss —epss 0.00
nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component
CVE-2021-33452Jul 26, 2022
Nasm
NASM
risk 0.00cvss —epss 0.00
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.

Page 1 of 2