Heap Buffer Overflow in Netwide Assembler Affects Version Functionality
CVE-2026-6067

7.5HIGH

Key Information:

Vendor: Nasm
Status: Nasm
Vendor: CVE Published:; 10 April 2026

What is CVE-2026-6067?

A vulnerability in the Netwide Assembler (NASM) arises from insufficient bounds checking in the obj_directive() function, enabling attackers to exploit this flaw by crafting malicious .asm files. Successful exploitation may lead to heap memory corruption, potential application crashes, and arbitrary code execution, posing significant risks to system integrity.

Affected Version(s)

NASM nasm-3.02rc5

References

https://github.com/netwide-assembler/nasm/issues/203

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2026
Vulnerability Reserved
Apr 10, 2026

CVE-2026-6067 Data

JSON

Nasm

What is CVE-2026-6067?

Affected Version(s)

References

CVSS V3.1

Timeline