CVE-2026-6068 - Vulnerability Details

Description

NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or unexpected behavior.

Published: 2026-04-10

Score: 6.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

NASM implements a use‑after‑free bug in its response file (-@) handling. A dangling pointer to freed memory is stored in the global depend_file and later dereferenced when the buffer is released, leading to memory corruption or unpredictable behaviour. The underlying weakness is a classic heap use‑after‑free error. An attacker could potentially exploit this to corrupt program state or cause a crash.

Affected Systems

The Netwide Assembler (NASM) is the affected product. No specific version numbers are listed, so any release containing the vulnerable response‑file parser may be at risk. This issue is tied to the NASM codebase itself and is not limited to any particular operating system or distribution.

Risk and Exploitability

The CVSS score of 6.5 places this vulnerability in the moderate severity range. EPSS data is not available and the flaw is not listed in the CISA Known Exploited Vulnerabilities catalog, indicating no widespread public exploitation yet. The likely attack vector is local; a user who runs NASM with a crafted response file can trigger the use‑after‑free. While the damage is currently limited to memory corruption, an attacker with additional weaknesses could potentially execute arbitrary code. Remote exploitation is unlikely unless NASM is invoked by a network‑exposed service.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

NASM

affected

Version	Status	Constraints
`nasm-3.02rc5`	affected	—

Configuration 1 [-]

cpe:2.3:a:nasm:netwide_assembler:3.02:rc5:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Nasm

100%

Version	Status	Scheme	Platform
`nasm-3.02rc5`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Check for an updated version of NASM that addresses the issue and install it.
If no patch is available, avoid using the response file feature until a fix is released and limit NASM execution to trusted users.
Monitor the official NASM issue tracker or mailing list for updates on a fix.
As a temporary precaution, run NASM under sandboxing or strict memory protection settings such as address space layout randomization and stack canaries to reduce the risk of arbitrary code execution.

Generated by OpenCVE AI on April 10, 2026 at 16:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Exploitation poc

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/netwide-assembler/nasm/issues/222
https://nvd.nist.gov/vuln/detail/CVE-2026-6068
https://www.cve.org/CVERecord?id=CVE-2026-6068

History

Thu, 16 Apr 2026 20:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nasm netwide Assembler
CPEs		cpe:2.3:a:nasm:netwide_assembler:3.02:rc5::::::
Vendors & Products		Nasm netwide Assembler

Tue, 14 Apr 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2026-6068 https://www.cve.org/CVERecord?id=CVE-2026-6068

Mon, 13 Apr 2026 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416

Fri, 10 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 10 Apr 2026 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nasm Nasm nasm
Vendors & Products		Nasm Nasm nasm

Fri, 10 Apr 2026 13:45:00 +0000

Type	Values Removed	Values Added
Description		NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or unexpected behavior.
Title		CVE-2026-6068
References		https://github.com/netwide-assembler/nasm/issues/222

Subscriptions

Nasm Nasm Netwide Assembler

MITRE

Status: PUBLISHED

Assigner: certcc

Published: 2026-04-10T13:30:38.420Z

Updated: 2026-04-10T14:56:52.908Z

Reserved: 2026-04-10T13:29:25.329Z

Link: CVE-2026-6068

Vulnrichment

Updated: 2026-04-10T14:56:23.209Z

NVD

Status : Analyzed

Published: 2026-04-10T14:16:38.723

Modified: 2026-04-16T19:48:57.250

Link: CVE-2026-6068

Redhat

Severity :

Publid Date: 2026-04-10T13:30:38Z

Links: CVE-2026-6068 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-13T13:01:26Z

Weaknesses

CWE-416

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object