{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6069", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-04-10T13:29:59.611Z", "datePublished": "2026-04-10T13:30:48.302Z", "dateUpdated": "2026-04-10T14:53:37.082Z"}, "containers": {"cna": {"title": "CVE-2026-6069", "descriptions": [{"lang": "en", "value": "NASM\u2019s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "NASM", "product": "NASM", "versions": [{"status": "affected", "version": "nasm-3.02rc5"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "references": [{"url": "https://github.com/netwide-assembler/nasm/issues/217"}], "x_generator": {"engine": "VINCE 3.0.35", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-6069"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-04-10T13:30:48.302Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T14:53:15.700852Z", "id": "CVE-2026-6069", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T14:53:37.082Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-6069", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T14:53:15.700852Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T14:53:32.866Z"}}], "cna": {"title": "CVE-2026-6069", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "NASM", "product": "NASM", "versions": [{"status": "affected", "version": "nasm-3.02rc5"}]}], "references": [{"url": "https://github.com/netwide-assembler/nasm/issues/217"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.35", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-6069"}, "descriptions": [{"lang": "en", "value": "NASM\u2019s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-121: Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-04-10T13:30:48.302Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6069", "state": "PUBLISHED", "dateUpdated": "2026-04-10T14:53:37.082Z", "dateReserved": "2026-04-10T13:29:59.611Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-04-10T13:30:48.302Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nasm:netwide_assembler:3.02:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA22EDB2-D094-433E-887D-A211FEC02A90", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NASM\u2019s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity."}], "id": "CVE-2026-6069", "lastModified": "2026-04-16T19:48:48.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-10T14:16:38.820", "references": [{"source": "cret@cert.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/netwide-assembler/nasm/issues/217"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "nasm: NASM: Arbitrary code execution via stack-based buffer overflow in `disasm()`", "id": "2457291", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457291"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H", "status": "draft"}, "cwe": "CWE-120", "details": ["A flaw was found in NASM. The `disasm()` function contains a stack-based buffer overflow, a memory corruption vulnerability. A remote attacker can exploit this by providing specially crafted input, leading to an out-of-bounds write when the `slen` value exceeds the buffer capacity during disassembly output formatting. This can result in arbitrary code execution."], "name": "CVE-2026-6069", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "nasm", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "nasm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "nasm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "nasm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "nasm", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-10T13:30:48Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-6069\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-6069\nhttps://github.com/netwide-assembler/nasm/issues/217"], "statement": "This IMPORTANT flaw in NASM's `disasm()` function allows arbitrary code execution through a stack-based buffer overflow when processing specially crafted input. Red Hat products are generally not affected by this vulnerability in their default configurations, as NASM is primarily a development tool and not typically exposed to untrusted external input in production environments. Exploitation would require an attacker to provide malicious input to a system actively using NASM for disassembly.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "nasm-3.02rc5"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "NASM", "source": "cna", "vendor": "NASM"}, "product": "nasm", "vendor": "nasm"}], "analysis": {"en": {"generated_at": "2026-04-17T09:50:55.736500+00:00", "value": {"mitigation_remediation": ["Apply the latest NASM release that incorporates the hotfix for the disasm buffer overflow.", "Validate or constrain the slen value passed to disasm() to ensure it does not exceed the expected buffer size.", "Restrict the use of disasm() to trusted input and avoid processing unsigned or untrusted assembly streams.", "Monitor logs for abnormal disassemble activity and keep the system updated with vendor security advisories."], "summary": {"action": "Immediate patch", "impact": "Memory corruption"}, "threat_synthesis": {"affected_systems": "NASM, the Netwide Assembler, is affected. The CVE explicitly lists version 3.02 rc5 as vulnerable; other releases that share the same vulnerable build of disasm() should be considered at risk until a patch is applied.", "description_and_impact": "NASM\u2019s disasm() function contains a stack\u2011based buffer overflow when formatting disassembly output. The overflow occurs if the slen parameter exceeds the internal buffer, causing an out\u2011of\u2011bounds write on the stack. This flaw can corrupt memory and, based on the nature of the overflow, it is inferred that an attacker could potentially execute arbitrary code or compromise the integrity of the running program.", "risk_and_exploitability": "The CVSS score of 7.5 indicates medium to high severity, while the EPSS score of less than 1% suggests it is unlikely to be widely exploited at present. The vulnerability is not included in the CISA KEV catalog, indicating no currently observed widespread exploitation. Exploitation would require an attacker to supply a disassembly string with a slen large enough to overflow the stack; this is inferred to be achievable through local or remote code that calls disasm() on untrusted input."}}}}, "created": "2026-04-10T14:40:40.792003+00:00", "title": "Stack-based Buffer Overflow in NASM Disassembly Function", "updated": "2026-04-17T10:00:03.567096+00:00", "vendors": ["nasm", "nasm$PRODUCT$nasm"]}