CVE-2025-8845
NASM Netwide Assember nasm.c assemble_file stack-based overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Se identificó una vulnerabilidad en NASM Netwide Assember 2.17rc0. Este problema afecta a la función assemble_file del archivo nasm.c. La manipulación provoca un desbordamiento del búfer en la pila. Es posible lanzar el ataque en el host local. Se ha hecho público el exploit y puede que sea utilizado.
Hierbei geht es um die Funktion assemble_file der Datei nasm.c. Mittels dem Manipulieren mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2025-08-10 CVE Reserved
- 2025-08-11 CVE Published
- 2025-08-12 CVE Updated
- 2025-08-12 First Exploit
- 2025-08-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-121: Stack-based Buffer Overflow
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://bugzilla.nasm.us/show_bug.cgi?id=3392937 | Issue Tracking | |
| https://vuldb.com/?id.319379 | Technical Description | |
| https://vuldb.com/?submit.623188 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://drive.google.com/file/d/1pEQb6lcdohWV53DzPPU7kaCCNg-qAaau/view?usp=drive_link | 2025-08-12 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | * | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | * | - |
Affected
| ||||||