CVE-2026-6069
Status: Received - Intake
Stack-Based Buffer Overflow in NASM disasm() Function

Publication date: 2026-04-10

Last updated on: 2026-04-16

Assigner: CERT/CC

Description
NASM's disasm() function contains a stack-based buffer overflow when formatting disassembly output, allowing an attacker-triggered out-of-bounds write when `slen` exceeds the buffer capacity.
Meta Information
Published: 2026-04-10
Last Modified: 2026-04-16
Generated: 2026-05-07
AI Q&A: 2026-04-10
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
nasm | netwide_assembler | 3.02
CWE ID | Description
CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-6069 is a stack-based buffer overflow vulnerability in the NASM disassembler's output formatting function called disasm().

The issue occurs because the function writes beyond the bounds of the provided output buffer when the variable slen, which tracks the current output length, exceeds the buffer size outbufsize.

Specifically, unchecked writes such as output[slen++] = separator and memcpy operations happen without verifying if there is enough space left in the buffer, leading to an out-of-bounds write.

This can cause a stack-based buffer overflow, which was demonstrated using AddressSanitizer by triggering the overflow with a small output buffer.


How can this vulnerability impact me?

The primary impact of this vulnerability is a guaranteed crash (denial of service) when the overflow is triggered.

Depending on the environment, compiler, and stack layout, the buffer overflow could lead to memory corruption.

Such memory corruption might allow further exploitation beyond just crashing the program, potentially compromising system stability or security.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by compiling NASM with AddressSanitizer (ASan) enabled and running a proof-of-concept that triggers the disasm() function with a small output buffer.

A suggested approach is to compile NASM using GCC with the following flags: -fsanitize=address -g -O1 -fno-omit-frame-pointer.

Then, run a test that calls disasm() with a small output buffer, for example, a buffer of size 8 bytes and simple instruction bytes such as 0x89, 0xC0, which reliably triggers the overflow.

This method will cause a crash or detect memory corruption if the vulnerability is present.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


What immediate steps should I take to mitigate this vulnerability?

To mitigate the vulnerability CVE-2026-6069 in NASM's disasm() function, you should avoid using the disasm() function with untrusted or specially crafted input that could trigger the buffer overflow.

Additionally, ensure that the output buffer provided to disasm() is sufficiently large to prevent the variable slen from exceeding the buffer size, thereby avoiding out-of-bounds writes.

If possible, apply any patches or updates provided by the NASM project that address this buffer overflow issue.

As a temporary measure, consider compiling NASM with AddressSanitizer (ASan) enabled to detect and prevent exploitation attempts during testing or development.
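The explanation above names the defect as unchecked writes of the form output[slen++] = separator and memcpy into the output buffer, and the mitigation answer asks for a buffer large enough that slen never exceeds it. The following is an added illustration of both points, written for this page; it is not NASM's code and does not use NASM's disasm() signature. The outbuf type, ob_putc(), ob_put(), format_insn() and required_length() are hypothetical names chosen here: len stands in for the page's slen and cap for outbufsize. Every write checks the remaining room first, so the worst case is a truncated string rather than an out-of-bounds write, and required_length() gives the size an unchecked formatter would need, which is how a caller sizes the buffer up front.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Illustrative output cursor for a disassembly formatter (not NASM's own code).
 * 'len' plays the role of the page's slen and 'cap' that of outbufsize.
 */
typedef struct {
    char *buf;
    size_t cap;      /* total capacity in bytes, including the NUL terminator */
    size_t len;      /* bytes written so far */
    int truncated;   /* set once a write did not fit */
} outbuf;

static void ob_init(outbuf *ob, char *buf, size_t cap)
{
    ob->buf = buf;
    ob->cap = cap;
    ob->len = 0;
    ob->truncated = (cap == 0);   /* a zero-length buffer cannot hold even the NUL */
    if (cap > 0)
        buf[0] = '\0';
}

/* Bounded replacement for the unchecked pattern output[slen++] = c. */
static int ob_putc(outbuf *ob, char c)
{
    if (ob->truncated || ob->len + 1 >= ob->cap) {   /* need 1 byte plus the NUL */
        ob->truncated = 1;
        return 0;
    }
    ob->buf[ob->len++] = c;
    ob->buf[ob->len] = '\0';
    return 1;
}

/* Bounded replacement for memcpy(output + slen, s, n); slen += n. */
static int ob_put(outbuf *ob, const char *s, size_t n)
{
    if (ob->truncated || n >= ob->cap - ob->len) {   /* need n bytes plus the NUL */
        ob->truncated = 1;
        return 0;
    }
    memcpy(ob->buf + ob->len, s, n);
    ob->len += n;
    ob->buf[ob->len] = '\0';
    return 1;
}

/* Formats "MNEMONIC OP1,OP2,...". Returns 1 if everything fit, 0 if truncated. */
static int format_insn(outbuf *ob, const char *mnemonic,
                       const char **operands, size_t nops)
{
    if (!ob_put(ob, mnemonic, strlen(mnemonic)))
        return 0;
    for (size_t i = 0; i < nops; i++) {
        /* a space separates mnemonic and first operand, commas separate the rest */
        if (!ob_putc(ob, i == 0 ? ' ' : ','))
            return 0;
        if (!ob_put(ob, operands[i], strlen(operands[i])))
            return 0;
    }
    return 1;
}

/* Bytes an unchecked formatter would write, NUL included: size the buffer from this. */
static size_t required_length(const char *mnemonic, const char **operands, size_t nops)
{
    size_t n = strlen(mnemonic) + 1;           /* mnemonic + NUL */
    for (size_t i = 0; i < nops; i++)
        n += 1 + strlen(operands[i]);          /* separator + operand */
    return n;
}

int main(void)
{
    /* Constructed sample: the page's bytes 0x89 0xC0 decode to "mov eax,eax" in 32-bit mode. */
    const char *ops[] = { "eax", "eax" };
    char small[8];                              /* the 8-byte buffer the page mentions */
    outbuf ob;

    ob_init(&ob, small, sizeof small);
    int ok = format_insn(&ob, "mov", ops, 2);
    printf("need %zu bytes, have %zu: %s -> \"%s\"\n",
           required_length("mov", ops, 2), sizeof small,
           ok ? "complete" : "truncated", small);
    return 0;
}
```

With the 8-byte buffer the formatter stops after "mov eax" and reports truncation, where an unchecked version would have written 12 bytes, 4 of them past the end of the buffer. Checking required_length() against the capacity before formatting, or checking the return value after, is what keeps slen inside outbufsize.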

