CVE-2025-8845 | THREATINT

Description

A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Hierbei geht es um die Funktion assemble_file der Datei nasm.c. Mittels dem Manipulieren mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur öffentlichen Verfügung.

PUBLISHED Reserved 2025-08-10 | Published 2025-08-11 | Updated 2025-08-12 | Assigner VulDB

MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

MEDIUM: 5.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

MEDIUM: 5.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

4.3AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Stack-based Buffer Overflow

Memory Corruption

Product status

2.17rc0

affected

Timeline

2025-08-10:	Advisory disclosed
2025-08-10:	VulDB entry created
2025-08-10:	VulDB entry last update

Credits

xdcao (VulDB User) reporter

References

vuldb.com/?id.319379 (VDB-319379 | NASM Netwide Assember nasm.c assemble_file stack-based overflow) vdb-entry technical-description

vuldb.com/?ctiid.319379 (VDB-319379 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.623188 (Submit #623188 | nasm NASM version 2.17rc0 compiled on Jul 20 2025 and the newest master (888d9ab) Memory Corruption) third-party-advisory

bugzilla.nasm.us/show_bug.cgi?id=3392937 issue-tracking

drive.google.com/...53DzPPU7kaCCNg-qAaau/view?usp=drive_link exploit

cve.org (CVE-2025-8845)

nvd.nist.gov (CVE-2025-8845)

Download JSON