CVE-2026-6069
Received Received - Intake
Stack-Based Buffer Overflow in NASM disasm() Function

Publication date: 2026-04-10

Last updated on: 2026-04-16

Assigner: CERT/CC

Description
NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-10
Last Modified
2026-04-16
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-6069
EUVD
EUVD-2026-21382
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nasm netwide_assembler 3.02
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-6069 is a stack-based buffer overflow vulnerability in the NASM disassembler's output formatting function called disasm().

The issue occurs because the function writes beyond the bounds of the provided output buffer when the variable slen, which tracks the current output length, exceeds the buffer size outbufsize.

Specifically, unchecked writes such as output[slen++] = separator and memcpy operations happen without verifying if there is enough space left in the buffer, leading to an out-of-bounds write.

This can cause a stack-based buffer overflow, which was demonstrated using AddressSanitizer by triggering the overflow with a small output buffer.

Detection Guidance

This vulnerability can be detected by compiling NASM with AddressSanitizer (ASan) enabled and running a proof-of-concept that triggers the disasm() function with a small output buffer.

A suggested approach is to compile NASM using GCC with the following flags: -fsanitize=address -g -O1 -fno-omit-frame-pointer.

Then, run a test that calls disasm() with a small output buffer, for example, a buffer of size 8 bytes and simple instruction bytes such as 0x89, 0xC0, which reliably triggers the overflow.

This method will cause a crash or detect memory corruption if the vulnerability is present.

Impact Analysis

The primary impact of this vulnerability is a guaranteed crash (denial of service) when the overflow is triggered.

Depending on the environment, compiler, and stack layout, the buffer overflow could lead to memory corruption.

Such memory corruption might allow further exploitation beyond just crashing the program, potentially compromising system stability or security.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate the vulnerability CVE-2026-6069 in NASM's disasm() function, you should avoid using the disasm() function with untrusted or specially crafted input that could trigger the buffer overflow.

Additionally, ensure that the output buffer provided to disasm() is sufficiently large to prevent the variable slen from exceeding the buffer size, thereby avoiding out-of-bounds writes.

If possible, apply any patches or updates provided by the NASM project that address this buffer overflow issue.

As a temporary measure, consider compiling NASM with AddressSanitizer (ASan) enabled to detect and prevent exploitation attempts during testing or development.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6069. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart