CVE-2025-8843

5.3 MEDIUM

📋 TL;DR

A heap-based buffer overflow vulnerability in NASM Netwide Assembler 2.17rc0 allows attackers with local access to potentially execute arbitrary code or cause denial of service. This affects users who compile or process assembly code with vulnerable NASM versions. The vulnerability is in the macho_no_dead_strip function in outmacho.c.

💻 Affected Systems

Products:
  • NASM Netwide Assembler
Versions: 2.17rc0
Operating Systems: All platforms where NASM runs
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects users who assemble to the Mach-O output format, which is the path that reaches the vulnerable function.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to full system compromise via arbitrary code execution.

🟠 Likely Case

Denial of service through application crash when processing malicious assembly files.

🟢 If Mitigated

Limited impact if proper sandboxing and privilege separation are implemented.

🌐 Internet-Facing: LOW - Requires local access to exploit, not directly reachable over network.
🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or through lateral movement after initial compromise.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit details have been publicly disclosed but require local access and specific assembly file processing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.17rc1 or later

Vendor Advisory: https://bugzilla.nasm.us/show_bug.cgi?id=3392934

Restart Required: No

Instructions:

1. Visit https://www.nasm.us/pub/nasm/releasebuilds/
2. Download latest version
3. Compile and install following official documentation
4. Replace existing nasm binary

🔧 Temporary Workarounds

Avoid Mach-O compilation (all platforms)

Do not use NASM to compile Mach-O format assembly files until patched.

🧯 If You Can't Patch

  • Restrict local access to NASM installation to trusted users only.
  • Monitor for abnormal process crashes or memory usage patterns in NASM processes.

🔍 How to Verify

Check if Vulnerable:

Run 'nasm -v' and check if output shows version 2.17rc0.

Check Version:

nasm -v

Verify Fix Applied:

Run 'nasm -v' and confirm version is 2.17rc1 or later.
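
Added example (not from the advisory or the NASM project): a shell function that applies the two checks above to the text printed by 'nasm -v', treating 2.17rc0 as vulnerable and 2.17rc1 or later as fixed. It assumes the output starts with "NASM version <version>"; the function name and the result labels are illustrative.

```shell
#!/bin/sh
# Added example: classify `nasm -v` output against the versions named on this page.
# Assumption: the output begins with "NASM version <version>".
# Results: vulnerable (2.17rc0), fixed (2.17rc1 or later),
#          not-listed (older than 2.17rc0), unknown (unparseable).

classify_nasm_version() {
    # $1: full text printed by `nasm -v`
    printf '%s\n' "$1" | awk '
        # Build a fixed-width sort key: major, minor, patch, release candidate.
        # A final release gets rc=9999 so that 2.17rc1 sorts before 2.17.
        function key(v,   rc, n, p) {
            rc = 9999
            if (match(v, /rc[0-9]+$/)) {
                rc = substr(v, RSTART + 2) + 0
                v = substr(v, 1, RSTART - 1)
            }
            n = split(v, p, ".")
            return sprintf("%05d%05d%05d%05d", p[1], p[2], p[3], rc)
        }
        $1 == "NASM" && $2 == "version" {
            found = 1
            if ($3 !~ /^[0-9]+(\.[0-9]+)*(rc[0-9]+)?$/) { print "unknown"; exit }
            k = key($3)
            if (k == key("2.17rc0"))     print "vulnerable"
            else if (k > key("2.17rc0")) print "fixed"
            else                         print "not-listed"
            exit
        }
        END { if (!found) print "unknown" }
    '
}

# Check the nasm binary on PATH, if there is one.
if command -v nasm >/dev/null 2>&1; then
    echo "nasm on PATH: $(classify_nasm_version "$(nasm -v 2>/dev/null)")"
fi
```
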

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or abnormal termination of nasm processes
  • High memory usage by nasm processes

Network Indicators:

  • Not applicable - local exploitation only

SIEM Query:

Process:name='nasm' AND (EventID=1000 OR MemoryUsage>threshold)
