Stack-based Buffer Overflow in NASM Disassembly Output Formatting
CVE-2026-6069

7.5HIGH

Key Information:

Vendor: Nasm
Status: Nasm
Vendor: CVE Published:; 10 April 2026

What is CVE-2026-6069?

The NASM product is affected by a stack-based buffer overflow in its disasm() function. This vulnerability occurs due to improper handling of disassembly output formatting, where an attacker can exploit the buffer capacity by exceeding the slen, resulting in an out-of-bounds write. This flaw could be exploited to execute arbitrary code or crash the application, posing a significant risk to systems utilizing NASM.

Affected Version(s)

NASM nasm-3.02rc5

References

https://github.com/netwide-assembler/nasm/issues/217

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2026
Vulnerability Reserved
Apr 10, 2026

CVE-2026-6069 Data

JSON

Nasm

What is CVE-2026-6069?

Affected Version(s)

References

CVSS V3.1

Timeline