Search criteria
10 vulnerabilities found for Netwide Assember by NASM
CVE-2025-8846 (GCVE-0-2025-8846)
Vulnerability from cvelistv5 – Published: 2025-08-11 12:32 – Updated: 2025-08-11 19:41
VLAI?
Summary
A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NASM | Netwide Assember |
Affected:
2.17rc0
|
Credits
xdcao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8846",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T19:41:03.584509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T19:41:08.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.623189"
},
{
"tags": [
"exploit"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392938"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Netwide Assember",
"vendor": "NASM",
"versions": [
{
"status": "affected",
"version": "2.17rc0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xdcao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es betrifft die Funktion parse_line der Datei parser.c. Mittels Manipulieren mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T12:32:07.575Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319380 | NASM Netwide Assember parser.c parse_line stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319380"
},
{
"name": "VDB-319380 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319380"
},
{
"name": "Submit #623189 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623189"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392938"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1MQGtdnz58vRF2fAeJMJ4VGiBQWXpnqfy/view?usp=drive_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T18:02:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "NASM Netwide Assember parser.c parse_line stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8846",
"datePublished": "2025-08-11T12:32:07.575Z",
"dateReserved": "2025-08-10T15:56:03.132Z",
"dateUpdated": "2025-08-11T19:41:08.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8845 (GCVE-0-2025-8845)
Vulnerability from cvelistv5 – Published: 2025-08-11 12:02 – Updated: 2025-08-12 13:43
VLAI?
Summary
A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NASM | Netwide Assember |
Affected:
2.17rc0
|
Credits
xdcao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8845",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T15:14:37.918592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T13:43:32.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392937"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Netwide Assember",
"vendor": "NASM",
"versions": [
{
"status": "affected",
"version": "2.17rc0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xdcao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Hierbei geht es um die Funktion assemble_file der Datei nasm.c. Mittels dem Manipulieren mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T12:02:08.301Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319379 | NASM Netwide Assember nasm.c assemble_file stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319379"
},
{
"name": "VDB-319379 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319379"
},
{
"name": "Submit #623188 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623188"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392937"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1pEQb6lcdohWV53DzPPU7kaCCNg-qAaau/view?usp=drive_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T18:02:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "NASM Netwide Assember nasm.c assemble_file stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8845",
"datePublished": "2025-08-11T12:02:08.301Z",
"dateReserved": "2025-08-10T15:56:00.470Z",
"dateUpdated": "2025-08-12T13:43:32.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8844 (GCVE-0-2025-8844)
Vulnerability from cvelistv5 – Published: 2025-08-11 11:32 – Updated: 2025-08-11 12:12
VLAI?
Summary
A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NASM | Netwide Assember |
Affected:
2.17rc0
|
Credits
xdcao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8844",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T12:12:03.107236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T12:12:07.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392936"
},
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.623198"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Netwide Assember",
"vendor": "NASM",
"versions": [
{
"status": "affected",
"version": "2.17rc0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xdcao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Dabei geht es um die Funktion parse_smacro_template der Datei preproc.c. Durch Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T11:32:08.340Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319378 | NASM Netwide Assember preproc.c parse_smacro_template null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319378"
},
{
"name": "VDB-319378 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319378"
},
{
"name": "Submit #623187 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623187"
},
{
"name": "Submit #623196 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623196"
},
{
"name": "Submit #623198 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623198"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392936"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/10TSdMErFTBtLFIwfh_fia635cmtmFuei/view?usp=drive_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T18:02:10.000Z",
"value": "VulDB entry last update"
}
],
"title": "NASM Netwide Assember preproc.c parse_smacro_template null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8844",
"datePublished": "2025-08-11T11:32:08.340Z",
"dateReserved": "2025-08-10T15:55:55.901Z",
"dateUpdated": "2025-08-11T12:12:07.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8843 (GCVE-0-2025-8843)
Vulnerability from cvelistv5 – Published: 2025-08-11 11:02 – Updated: 2025-08-11 12:33
VLAI?
Summary
A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NASM | Netwide Assember |
Affected:
2.17rc0
|
Credits
xdcao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8843",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T12:33:41.039867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T12:33:44.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392934"
},
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.623186"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Netwide Assember",
"vendor": "NASM",
"versions": [
{
"status": "affected",
"version": "2.17rc0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xdcao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es geht dabei um die Funktion macho_no_dead_strip der Datei outmacho.c. Durch die Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T11:02:09.017Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319377 | NASM Netwide Assember outmacho.c macho_no_dead_strip heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319377"
},
{
"name": "VDB-319377 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319377"
},
{
"name": "Submit #623185 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623185"
},
{
"name": "Submit #623186 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623186"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392934"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1JRHWdjW6FGHDV0CMJe8VinmCQ4vP9ZpR/view?usp=drive_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T18:01:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "NASM Netwide Assember outmacho.c macho_no_dead_strip heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8843",
"datePublished": "2025-08-11T11:02:09.017Z",
"dateReserved": "2025-08-10T15:55:52.944Z",
"dateUpdated": "2025-08-11T12:33:44.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8842 (GCVE-0-2025-8842)
Vulnerability from cvelistv5 – Published: 2025-08-11 10:32 – Updated: 2025-08-11 12:34
VLAI?
Summary
A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NASM | Netwide Assember |
Affected:
2.17rc0
|
Credits
xdcao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8842",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T12:34:30.315514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T12:34:33.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392933"
},
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.623184"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Netwide Assember",
"vendor": "NASM",
"versions": [
{
"status": "affected",
"version": "2.17rc0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xdcao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es geht hierbei um die Funktion do_directive der Datei preproc.c. Mit der Manipulation mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T10:32:09.151Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319376 | NASM Netwide Assember preproc.c do_directive use after free",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319376"
},
{
"name": "VDB-319376 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319376"
},
{
"name": "Submit #623184 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623184"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392933"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/11vEV1vMHXO4BrDGhvWAMm0Qo1woiUwVV/view?usp=drive_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T18:01:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "NASM Netwide Assember preproc.c do_directive use after free"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8842",
"datePublished": "2025-08-11T10:32:09.151Z",
"dateReserved": "2025-08-10T15:42:36.258Z",
"dateUpdated": "2025-08-11T12:34:33.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8846 (GCVE-0-2025-8846)
Vulnerability from nvd – Published: 2025-08-11 12:32 – Updated: 2025-08-11 19:41
VLAI?
Summary
A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NASM | Netwide Assember |
Affected:
2.17rc0
|
Credits
xdcao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8846",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T19:41:03.584509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T19:41:08.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.623189"
},
{
"tags": [
"exploit"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392938"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Netwide Assember",
"vendor": "NASM",
"versions": [
{
"status": "affected",
"version": "2.17rc0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xdcao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es betrifft die Funktion parse_line der Datei parser.c. Mittels Manipulieren mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T12:32:07.575Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319380 | NASM Netwide Assember parser.c parse_line stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319380"
},
{
"name": "VDB-319380 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319380"
},
{
"name": "Submit #623189 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623189"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392938"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1MQGtdnz58vRF2fAeJMJ4VGiBQWXpnqfy/view?usp=drive_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T18:02:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "NASM Netwide Assember parser.c parse_line stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8846",
"datePublished": "2025-08-11T12:32:07.575Z",
"dateReserved": "2025-08-10T15:56:03.132Z",
"dateUpdated": "2025-08-11T19:41:08.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8845 (GCVE-0-2025-8845)
Vulnerability from nvd – Published: 2025-08-11 12:02 – Updated: 2025-08-12 13:43
VLAI?
Summary
A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NASM | Netwide Assember |
Affected:
2.17rc0
|
Credits
xdcao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8845",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T15:14:37.918592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T13:43:32.950Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392937"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Netwide Assember",
"vendor": "NASM",
"versions": [
{
"status": "affected",
"version": "2.17rc0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xdcao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Hierbei geht es um die Funktion assemble_file der Datei nasm.c. Mittels dem Manipulieren mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T12:02:08.301Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319379 | NASM Netwide Assember nasm.c assemble_file stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319379"
},
{
"name": "VDB-319379 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319379"
},
{
"name": "Submit #623188 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623188"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392937"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1pEQb6lcdohWV53DzPPU7kaCCNg-qAaau/view?usp=drive_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T18:02:12.000Z",
"value": "VulDB entry last update"
}
],
"title": "NASM Netwide Assember nasm.c assemble_file stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8845",
"datePublished": "2025-08-11T12:02:08.301Z",
"dateReserved": "2025-08-10T15:56:00.470Z",
"dateUpdated": "2025-08-12T13:43:32.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8844 (GCVE-0-2025-8844)
Vulnerability from nvd – Published: 2025-08-11 11:32 – Updated: 2025-08-11 12:12
VLAI?
Summary
A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NASM | Netwide Assember |
Affected:
2.17rc0
|
Credits
xdcao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8844",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T12:12:03.107236Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T12:12:07.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392936"
},
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.623198"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Netwide Assember",
"vendor": "NASM",
"versions": [
{
"status": "affected",
"version": "2.17rc0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xdcao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Dabei geht es um die Funktion parse_smacro_template der Datei preproc.c. Durch Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T11:32:08.340Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319378 | NASM Netwide Assember preproc.c parse_smacro_template null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319378"
},
{
"name": "VDB-319378 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319378"
},
{
"name": "Submit #623187 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623187"
},
{
"name": "Submit #623196 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623196"
},
{
"name": "Submit #623198 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623198"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392936"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/10TSdMErFTBtLFIwfh_fia635cmtmFuei/view?usp=drive_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T18:02:10.000Z",
"value": "VulDB entry last update"
}
],
"title": "NASM Netwide Assember preproc.c parse_smacro_template null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8844",
"datePublished": "2025-08-11T11:32:08.340Z",
"dateReserved": "2025-08-10T15:55:55.901Z",
"dateUpdated": "2025-08-11T12:12:07.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8843 (GCVE-0-2025-8843)
Vulnerability from nvd – Published: 2025-08-11 11:02 – Updated: 2025-08-11 12:33
VLAI?
Summary
A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NASM | Netwide Assember |
Affected:
2.17rc0
|
Credits
xdcao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8843",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T12:33:41.039867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T12:33:44.615Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392934"
},
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.623186"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Netwide Assember",
"vendor": "NASM",
"versions": [
{
"status": "affected",
"version": "2.17rc0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xdcao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es geht dabei um die Funktion macho_no_dead_strip der Datei outmacho.c. Durch die Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T11:02:09.017Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319377 | NASM Netwide Assember outmacho.c macho_no_dead_strip heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319377"
},
{
"name": "VDB-319377 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319377"
},
{
"name": "Submit #623185 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623185"
},
{
"name": "Submit #623186 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623186"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392934"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1JRHWdjW6FGHDV0CMJe8VinmCQ4vP9ZpR/view?usp=drive_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T18:01:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "NASM Netwide Assember outmacho.c macho_no_dead_strip heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8843",
"datePublished": "2025-08-11T11:02:09.017Z",
"dateReserved": "2025-08-10T15:55:52.944Z",
"dateUpdated": "2025-08-11T12:33:44.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8842 (GCVE-0-2025-8842)
Vulnerability from nvd – Published: 2025-08-11 10:32 – Updated: 2025-08-11 12:34
VLAI?
Summary
A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NASM | Netwide Assember |
Affected:
2.17rc0
|
Credits
xdcao (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8842",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T12:34:30.315514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T12:34:33.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392933"
},
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.623184"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Netwide Assember",
"vendor": "NASM",
"versions": [
{
"status": "affected",
"version": "2.17rc0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "xdcao (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es geht hierbei um die Funktion do_directive der Datei preproc.c. Mit der Manipulation mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "Use After Free",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T10:32:09.151Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319376 | NASM Netwide Assember preproc.c do_directive use after free",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319376"
},
{
"name": "VDB-319376 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319376"
},
{
"name": "Submit #623184 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623184"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392933"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/11vEV1vMHXO4BrDGhvWAMm0Qo1woiUwVV/view?usp=drive_link"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-10T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-10T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-10T18:01:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "NASM Netwide Assember preproc.c do_directive use after free"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8842",
"datePublished": "2025-08-11T10:32:09.151Z",
"dateReserved": "2025-08-10T15:42:36.258Z",
"dateUpdated": "2025-08-11T12:34:33.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}