{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6067", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-04-10T13:26:16.675Z", "datePublished": "2026-04-10T13:30:26.140Z", "dateUpdated": "2026-04-10T14:58:07.818Z"}, "containers": {"cna": {"title": "CVE-2026-6067", "descriptions": [{"lang": "en", "value": "A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "NASM", "product": "NASM", "versions": [{"status": "affected", "version": "nasm-3.02rc5"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-787: Out-of-bounds Write"}]}], "references": [{"url": "https://github.com/netwide-assembler/nasm/issues/203"}], "x_generator": {"engine": "VINCE 3.0.35", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-6067"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-04-10T13:30:26.140Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T14:57:25.595690Z", "id": "CVE-2026-6067", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T14:58:07.818Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-6067", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T14:57:25.595690Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T14:57:45.406Z"}}], "cna": {"title": "CVE-2026-6067", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "NASM", "product": "NASM", "versions": [{"status": "affected", "version": "nasm-3.02rc5"}]}], "references": [{"url": "https://github.com/netwide-assembler/nasm/issues/203"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.35", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-6067"}, "descriptions": [{"lang": "en", "value": "A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-787: Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-04-10T13:30:26.140Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6067", "state": "PUBLISHED", "dateUpdated": "2026-04-10T14:58:07.818Z", "dateReserved": "2026-04-10T13:26:16.675Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-04-10T13:30:26.140Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nasm:netwide_assembler:3.02:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA22EDB2-D094-433E-887D-A211FEC02A90", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution."}], "id": "CVE-2026-6067", "lastModified": "2026-04-23T18:34:03.253", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-10T14:16:38.620", "references": [{"source": "cret@cert.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/netwide-assembler/nasm/issues/203"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "nasm: Netwide Assembler (NASM): Arbitrary code execution via malicious assembly file processing", "id": "2457289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457289"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-120", "details": ["A flaw was found in Netwide Assembler (NASM). This heap buffer overflow vulnerability, stemming from insufficient bounds checking, allows a user to execute arbitrary code by assembling a specially crafted malicious assembly (.asm) file. Successful exploitation can lead to unauthorized command execution, heap memory corruption, and denial of service, potentially causing system instability or crashes."], "name": "CVE-2026-6067", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "nasm", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "nasm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "nasm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "nasm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "nasm", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-10T13:30:26Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6067\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6067\nhttps://github.com/netwide-assembler/nasm/issues/203"], "statement": "An IMPORTANT heap buffer overflow in Netwide Assembler (NASM) can lead to arbitrary code execution. This flaw requires a local attacker to provide a specially crafted assembly file for processing. Red Hat Enterprise Linux systems are affected if NASM is used to assemble untrusted .asm files.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "nasm-3.02rc5"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "NASM", "source": "cna", "vendor": "NASM"}, "product": "nasm", "vendor": "nasm"}], "analysis": {"en": {"generated_at": "2026-04-17T08:59:50.595189+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest NASM release that includes the fix.", "If an upgrade is not immediately possible, restrict execution of NASM to trusted source files and prevent untrusted users from providing assembly files.", "Monitor NASM usage for abnormal assembly activity and consider disabling automatic assembly of untrusted code until a patch is applied."], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Netwide Assembler (NASM). The advisory does not list specific affected versions, so users should refer to the vendor\u2019s release notes or security bulletin for version details. The issue applies to installations that compile or assemble code on a local machine or within build environments.", "description_and_impact": "A heap buffer overflow exists in Netwide Assembler's obj_directive() function due to omitted bounds checking. When an attacker supplies a specially crafted assembly file, the overflow can corrupt heap memory, trigger a crash, or enable arbitrary code execution. The weakness corresponds to CWE\u2011120, Buffer Copy without Checking Size of Input, and CWE\u2011787, Buffer Access with Improper Check.", "risk_and_exploitability": "The CVSS score of 7.5 indicates high severity, while the EPSS score of less than 1% suggests a low likelihood of current exploitation. The vulnerability is not listed in CISA's KEV catalog. Exploitation requires the ability to run NASM on a system with access to an attacker\u2011crafted assembly file; therefore the attack vector is likely local or depends on user privileges, but could be amplified in CI/CD pipelines that automatically assemble untrusted code."}}}}, "created": "2026-04-10T14:40:42.898238+00:00", "title": "Heap Buffer Overflow in NASM Allowing Code Execution", "updated": "2026-04-17T09:00:10.992799+00:00", "vendors": ["nasm", "nasm$PRODUCT$nasm"]}