CVE-2025-8844

A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parse_smacro_template of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
nasmnetwide_assembler
2.17:rc0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
nasm
bullseye
unimportant
bookworm
unimportant
trixie
unimportant
forky
unimportant
sid
unimportant
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nasm
plucky
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://bugzilla.nasm.us/show_bug.cgi?id=3392936
https://drive.google.com/file/d/10TSdMErFTBtLFIwfh_fia635cmtmFuei/view?usp=drive_link
https://vuldb.com/?ctiid.319378
https://vuldb.com/?id.319378
https://vuldb.com/?submit.623187
https://vuldb.com/?submit.623196
https://vuldb.com/?submit.623198
https://bugzilla.nasm.us/show_bug.cgi?id=3392936
https://vuldb.com/?submit.623198