CVE-2025-8846
BaseFortify
Publication date: 2025-08-11
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nasm | netwide_assembler | 2.17 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8846 is a stack-based buffer overflow vulnerability in NASM (Netwide Assembler) version 2.17rc0 and the latest master branch. It occurs in the parse_line function of parser.c due to insufficient bounds checking on stack-allocated buffers when parsing assembly language lines. Specifically, when processing malformed or unexpectedly formatted assembly input, the function reads 8 bytes beyond the allocated stack buffer boundary, causing stack corruption, program crashes, and potential exposure of adjacent stack memory. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to stack corruption and program crashes, which may disrupt normal operation of NASM. Additionally, the out-of-bounds read can expose adjacent stack memory, potentially leaking sensitive information. Since the attack requires local access, an attacker with local privileges could exploit this to cause denial of service or gain further access depending on the environment. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to compile a specially crafted malformed assembly file that triggers the stack buffer overflow in the parse_line function of NASM. A proof-of-concept (POC) assembly file named 'POC_nasm_stack_buffer_overflow_parse_line' is available. To detect the vulnerability, compile NASM with AddressSanitizer enabled and run the command: nasm -f elf64 POC_nasm_stack_buffer_overflow_parse_line. If the program crashes with a stack-buffer-overflow error, the vulnerability is present. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding local execution of untrusted or malformed assembly code with vulnerable NASM versions (2.17rc0 and latest master branch). Since the vulnerability requires local access, restrict NASM usage to trusted users only. Additionally, update NASM to a patched version once available. In the meantime, consider compiling NASM without AddressSanitizer for production use to avoid crashes, but be aware this does not fix the underlying vulnerability. [1, 2]