CVE-2025-8842

NASM Netwide Assember preproc.c do_directive use after free

CVSS 4.8 MEDIUMEPSS 0.2%CWE-119 CWE-416

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

11 Aug 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability has been found in NASM Netwide Assember 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Affected products

NASM · Netwide Assember

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://bugzilla.nasm.us/show_bug.cgi?id=3392933 https://drive.google.com/file/d/11vEV1vMHXO4BrDGhvWAMm0Qo1woiUwVV/view?usp=drive_link https://vuldb.com/?ctiid.319376 https://vuldb.com/?id.319376 https://vuldb.com/?submit.623184