CVE-2025-8842 | THREATINT

Description

A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Es geht hierbei um die Funktion do_directive der Datei preproc.c. Mit der Manipulation mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-08-10 | Published 2025-08-11 | Updated 2025-08-11 | Assigner VulDB

MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

MEDIUM: 5.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

MEDIUM: 5.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

4.3AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Use After Free

Memory Corruption

Product status

2.17rc0

affected

Timeline

2025-08-10:	Advisory disclosed
2025-08-10:	VulDB entry created
2025-08-10:	VulDB entry last update

Credits

xdcao (VulDB User) reporter

References

vuldb.com/?id.319376 (VDB-319376 | NASM Netwide Assember preproc.c do_directive use after free) vdb-entry technical-description

vuldb.com/?ctiid.319376 (VDB-319376 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.623184 (Submit #623184 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption) third-party-advisory

bugzilla.nasm.us/show_bug.cgi?id=3392933 issue-tracking

drive.google.com/...rDGhvWAMm0Qo1woiUwVV/view?usp=drive_link exploit

cve.org (CVE-2025-8842)

nvd.nist.gov (CVE-2025-8842)

Download JSON