CVE-2025-8846 – A stack-based buffer overflow vulnerability exi... (How to Fix)

📋 TL;DR

A stack-based buffer overflow vulnerability exists in NASM Netwide Assembler 2.17rc0's parse_line function in parser.c. This allows local attackers to potentially execute arbitrary code or crash the application. Users who compile or process assembly code with this vulnerable version are affected.

💻 Affected Systems

Products:

NASM Netwide Assembler

Versions: 2.17rc0

Operating Systems: All platforms where NASM is installed

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects the specific release candidate version 2.17rc0

📦 What is this software?

Netwide Assembler by Nasm

View all CVEs affecting Netwide Assembler →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to full system compromise if NASM is executed with elevated privileges

🟠

Likely Case

Application crash (denial of service) or limited code execution in the context of the user running NASM

🟢

If Mitigated

Minimal impact if NASM runs with minimal privileges and proper sandboxing

🌐 Internet-Facing: LOW - Attack requires local access to the system

🏢 Internal Only: MEDIUM - Could be exploited by malicious insiders or through lateral movement after initial compromise

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploit details have been publicly disclosed but require local access and specific assembly code manipulation

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.17rc1 or later

Vendor Advisory: https://bugzilla.nasm.us/show_bug.cgi?id=3392938

Restart Required: No

Instructions:

1. Download latest NASM version from official site
2. Uninstall vulnerable version
3. Install patched version
4. Verify installation with 'nasm -v'

🔧 Temporary Workarounds

Avoid processing untrusted assembly files

all

Only use NASM with trusted assembly source code

Run NASM with reduced privileges

Unix/Linux

Execute NASM as non-privileged user to limit potential damage

sudo -u nobody nasm [options]

🧯 If You Can't Patch

Restrict NASM execution to trusted users only
Monitor for abnormal NASM process behavior or crashes

🔍 How to Verify

Check if Vulnerable:

Run 'nasm -v' and check if output contains '2.17rc0'

Check Version:

nasm -v

Verify Fix Applied:

Run 'nasm -v' and confirm version is 2.17rc1 or later

📡 Detection & Monitoring

Log Indicators:

NASM process crashes with segmentation faults
Abnormal termination of compilation processes

Network Indicators:

None - local vulnerability only

SIEM Query:

Process:Name='nasm' AND EventID=1000 (Application Crash)

📊 Metadata

CVE ID: CVE-2025-8846

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-119

EPSS Score: 0.03% exploit probability (8.8th percentile)

Published: August 11, 2025

Last Updated: September 15, 2025

🔗 References

https://bugzilla.nasm.us/show_bug.cgi?id=3392938 Exploit,Issue Tracking,Vendor Advisory
https://drive.google.com/file/d/1MQGtdnz58vRF2fAeJMJ4VGiBQWXpnqfy/view?usp=drive_link Exploit
https://vuldb.com/?ctiid.319380 Permissions Required,VDB Entry
https://vuldb.com/?id.319380 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.623189 Exploit,Third Party Advisory,VDB Entry
https://bugzilla.nasm.us/show_bug.cgi?id=3392938 Exploit,Issue Tracking,Vendor Advisory
https://vuldb.com/?submit.623189 Exploit,Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-8846, you might also want to check these: