CVE-2025-8844
BaseFortify
Publication date: 2025-08-11
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nasm | netwide_assembler | 2.17 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8844 is a vulnerability in NASM (Netwide Assembler) version 2.17rc0, specifically in the function parse_smacro_template within the preprocessor module. The issue is caused by insufficient validation of pointer values when parsing malformed macro template definitions, such as those with invalid radix specifiers or malformed parameter syntax. This leads to a null pointer dereference, causing the program to crash with a segmentation fault (SIGSEGV). The vulnerability requires local access to exploit and can be triggered by crafted macro template inputs, resulting in denial of service by crashing NASM. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can impact you by causing NASM to crash unexpectedly when processing maliciously crafted macro templates. Since NASM is an assembler used in software development and build processes, exploitation of this vulnerability leads to denial of service, interrupting assembly operations and potentially halting development or build pipelines. The vulnerability does not affect confidentiality or integrity but impacts availability. Exploitation requires local access, and a proof-of-concept exploit is publicly available. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by reproducing the crash using the provided proof-of-concept (PoC) files that contain malformed macro template definitions triggering the null pointer dereference in NASM. Detection involves compiling NASM with AddressSanitizer enabled and running NASM on the PoC files, which causes a segmentation fault. Example commands include:

1. Compile NASM with AddressSanitizer enabled.
2. Run: `nasm -f dbg POC_nasm_segmentation_fault_parse_smacro_template_1`
3. Or run: `nasm -f dbg -e POC_nasm_segmentation_fault_parse_smacro_template_2`
4. Or run: `nasm -f dbg POC_nasm_segmentation_fault_parse_smacro_template_3`

If NASM crashes with a segmentation fault, the vulnerability is present. These commands test the vulnerability locally as it requires local access to exploit. [2, 3, 4, 5]
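When running the check above, a crash has to be told apart from NASM simply rejecting a file with an error message. The following wrapper is an added example, not code from this page or from the NASM project; the function names and the `NASM_BIN` variable are assumptions, and it relies on the shell convention of reporting death by signal as 128 plus the signal number.

```shell
#!/bin/sh
# Added example: tell a crash apart from an ordinary assembler error.
NASM_BIN="${NASM_BIN:-nasm}"   # assumption: path of the build under test

# classify_run RC STDERR_FILE
# An ASan build reports the fault itself and exits with a normal non-zero
# status, so the stderr marker is checked before the exit status.
classify_run() {
    rc=$1
    errfile=$2
    if grep -q 'ERROR: AddressSanitizer' "$errfile" 2>/dev/null; then
        echo "crash-asan"
    elif [ "$rc" -gt 128 ]; then
        # sh and bash report death by signal N as 128+N (SIGSEGV is 11 on Linux)
        echo "crash-signal-$((rc - 128))"
    else
        echo "exit-$rc"
    fi
}

# check_input FILE [EXTRA_ARGS...]
# Runs "$NASM_BIN -f dbg" on FILE, discards any output file, classifies the run.
check_input() {
    file=$1
    shift
    errfile=$(mktemp) || return 2
    rc=0
    "$NASM_BIN" -f dbg -o /dev/null "$@" "$file" >/dev/null 2>"$errfile" || rc=$?
    classify_run "$rc" "$errfile"
    rm -f "$errfile"
}

# Classify every file named on the command line.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(check_input "$f")"
done
```

A result of `exit-1` means NASM printed a diagnostic and stopped cleanly; `crash-signal-11` or `crash-asan` means the build crashed on that input.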
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the use of NASM version 2.17rc0 and the affected master branch until a fixed version is released. Since no known countermeasures or patches are currently available, it is recommended to replace the affected NASM software with an alternative assembler or an earlier unaffected version if possible. Additionally, restrict local access to systems running the vulnerable NASM version to prevent exploitation. Monitoring for updates or patches from the NASM project is advised. [1]