CVE-2026-6067
Heap Buffer Overflow in NASM obj_directive() Enables Code Execution
Publication date: 2026-04-10
Last updated on: 2026-04-23
Assigner: CERT/CC
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nasm | netwide_assembler | 3.02 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-6067 is a heap buffer overflow vulnerability in the Netwide Assembler (NASM) software. It occurs specifically in the obj_directive() function when processing the GROUP directive. The vulnerability arises because the function does not properly check the bounds of heap memory buffers, allowing an out-of-bounds write.
This means that when a user assembles a specially crafted malicious .asm file containing the GROUP directive, it can cause the program to write data beyond the allocated memory area, leading to heap memory corruption.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to several serious impacts including:
- Heap memory corruption, which can destabilize the program.
- Denial of service (crash) of the Netwide Assembler software.
- Potential arbitrary code execution, allowing an attacker to run malicious code on the affected system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection centers on how the Netwide Assembler (NASM) is used: the heap buffer overflow in the obj_directive() function is triggered when NASM assembles a potentially malicious .asm file that contains the GROUP directive.
A practical detection approach involves using the provided proof-of-concept script named poc_nasm_group_oob.py to test if your NASM installation is vulnerable.
Since the issue occurs during assembly, monitoring NASM processes for crashes or abnormal behavior when processing assembly files containing the GROUP directive can also help detect exploitation attempts.
No specific commands are detailed in the provided resources, but running the proof-of-concept script or testing assembly of files with the GROUP directive could be used as detection methods.
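A static triage check for the detection approach described above, written as an added example (not code from the advisory, the proof-of-concept, or the NASM project): it parses the `nasm -v` banner, compares it with the affected version listed on this page, and lists source lines that use the GROUP directive so those files can be held for review before assembly. The banner format, the helper names and the sample inputs are assumptions or constructed for illustration.

```python
import re

# Affected version as listed in this page's product table. Other releases are
# not covered by the page, so they are reported as "not listed", not as safe.
AFFECTED_VERSIONS = {"3.02"}

# GROUP in user form ("GROUP dgroup data bss") or primitive form ("[GROUP ...]").
GROUP_RE = re.compile(r"^\s*\[?\s*group\s+\S", re.IGNORECASE)

def parse_nasm_version(banner):
    """Extract the version from `nasm -v` output (banner format assumed)."""
    m = re.search(r"NASM version (\d+(?:\.\d+)+)", banner)
    return m.group(1) if m else None

def strip_comment(line):
    """Drop a trailing ';' comment, ignoring ';' inside quoted strings."""
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "\"'`":
            quote = ch
        elif ch == ";":
            return line[:i]
    return line

def find_group_directives(source):
    """Return (line_number, text) for each line that starts a GROUP directive.
    Directives produced by macro expansion are not visible to this text scan."""
    hits = []
    for n, line in enumerate(source.splitlines(), 1):
        code = strip_comment(line)
        if GROUP_RE.match(code):
            hits.append((n, code.strip()))
    return hits

def triage(banner, source):
    """Combine the version check and the source scan into one verdict."""
    version = parse_nasm_version(banner)
    hits = find_group_directives(source)
    listed = version in AFFECTED_VERSIONS
    return {"version": version, "listed_as_affected": listed,
            "group_lines": hits, "hold_for_review": listed and bool(hits)}

# Constructed sample inputs (not taken from the advisory or the PoC).
SAMPLE_BANNER = "NASM version 3.02 compiled on Jan  1 2026"
SAMPLE_SOURCE = ("segment data\n; group commented out\n"
                 "GROUP dgroup data bss\nmsg db 'group ; x', 0\n")
```

GROUP is an ordinary directive in sources written for NASM's `obj` output format, so a hit marks a file that reaches the affected code path, not a malicious one.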
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.