CVE-2026-6067 - Vulnerability Details

Description

A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.

Published: 2026-04-10

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A heap buffer overflow exists in Netwide Assembler's obj_directive() function due to omitted bounds checking. When an attacker supplies a specially crafted assembly file, the overflow can corrupt heap memory, trigger a crash, or enable arbitrary code execution. The weakness corresponds to CWE‑120, Buffer Copy without Checking Size of Input, and CWE‑787, Buffer Access with Improper Check.

Affected Systems

The vulnerability affects the Netwide Assembler (NASM). The advisory does not list specific affected versions, so users should refer to the vendor’s release notes or security bulletin for version details. The issue applies to installations that compile or assemble code on a local machine or within build environments.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, while the EPSS score of less than 1% suggests a low likelihood of current exploitation. The vulnerability is not listed in CISA's KEV catalog. Exploitation requires the ability to run NASM on a system with access to an attacker‑crafted assembly file; therefore the attack vector is likely local or depends on user privileges, but could be amplified in CI/CD pipelines that automatically assemble untrusted code.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NASM

affected

Version	Status	Constraints
`nasm-3.02rc5`	affected	—

Configuration 1 [-]

cpe:2.3:a:nasm:netwide_assembler:3.02:rc5:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Nasm

100%

Version	Status	Scheme	Platform
`nasm-3.02rc5`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to the latest NASM release that includes the fix.
If an upgrade is not immediately possible, restrict execution of NASM to trusted source files and prevent untrusted users from providing assembly files.
Monitor NASM usage for abnormal assembly activity and consider disabling automatic assembly of untrusted code until a patch is applied.

Generated by OpenCVE AI on April 17, 2026 at 08:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00037.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/netwide-assembler/nasm/issues/203
https://nvd.nist.gov/vuln/detail/CVE-2026-6067
https://www.cve.org/CVERecord?id=CVE-2026-6067

History

Thu, 16 Apr 2026 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nasm netwide Assembler
Weaknesses		CWE-787
CPEs		cpe:2.3:a:nasm:netwide_assembler:3.02:rc5::::::
Vendors & Products		Nasm netwide Assembler

Tue, 14 Apr 2026 16:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-122

Tue, 14 Apr 2026 12:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-120
References		https://nvd.nist.gov/vuln/detail/CVE-2026-6067 https://www.cve.org/CVERecord?id=CVE-2026-6067
Metrics	threat_severity `None`	threat_severity `Important`

Mon, 13 Apr 2026 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-122

Fri, 10 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 10 Apr 2026 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nasm Nasm nasm
Vendors & Products		Nasm Nasm nasm

Fri, 10 Apr 2026 13:45:00 +0000

Type	Values Removed	Values Added
Description		A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.
Title		CVE-2026-6067
References		https://github.com/netwide-assembler/nasm/issues/203

Subscriptions

Nasm Nasm Netwide Assembler

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2026-04-10T13:30:26.140Z

Updated: 2026-04-10T14:58:07.818Z

Reserved: 2026-04-10T13:26:16.675Z

Link: CVE-2026-6067

Vulnrichment

Updated: 2026-04-10T14:57:45.406Z

NVD

Status : Analyzed

Published: 2026-04-10T14:16:38.620

Modified: 2026-04-23T18:34:03.253

Link: CVE-2026-6067

Redhat

Severity : Important

Publid Date: 2026-04-10T13:30:26Z

Links: CVE-2026-6067 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-17T09:00:10Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object