CVE-2025-8842Improper Restriction of Operations within the Bounds of a Memory Buffer in Netwide Assember

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-416Use After Free5 documents5 sources
Severity
4.8MEDIUMNVD
EPSS
0.0%
top 89.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Nasm Netwide AssemberNasm Netwide AssemblerDebian Nasm+6 more
Timeline
PublishedAug 11
Latest updateAug 12

Description

A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages9 packages

CVEListV5nasm/netwide_assember2.17rc0
debiandebian/nasm

🔴Vulnerability Details

2
GHSA
GHSA-55c8-h472-8xhp: A vulnerability has been found in NASM Netwide Assember 22025-08-11
OSV
CVE-2025-8842: A vulnerability has been found in NASM Netwide Assember 22025-08-11

📋Vendor Advisories

2
Microsoft
NASM Netwide Assember preproc.c do_directive use after free2025-08-12
Debian
CVE-2025-8842: nasm - A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by thi...2025