Nixpkgs security tracker

Untriaged

Permalink CVE-2026-6067

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

created 1 month, 2 weeks ago Activity log

Created suggestion 1 month, 2 weeks ago

CVE-2026-6067

A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution.

References

https://github.com/netwide-assembler/nasm/issues/203

Affected products

NASM

==nasm-3.02rc5

Matching in nixpkgs

pkgs.nasm

80x86 and x86-64 assembler designed for portability and modularity

nixos-unstable 3.01
- nixpkgs-unstable 3.01
- nixos-unstable-small 3.01
nixos-25.11 2.16.03
- nixos-25.11-small 2.16.03
- nixpkgs-25.11-darwin 2.16.03

pkgs.nasmfmt

Formatter for NASM source files

nixos-unstable 2022-09-15
- nixpkgs-unstable 2022-09-15
- nixos-unstable-small 2022-09-15
nixos-25.11 2022-09-15
- nixos-25.11-small 2022-09-15
- nixpkgs-25.11-darwin 2022-09-15

pkgs.tree-sitter-grammars.tree-sitter-nasm

Tree-sitter grammar for nasm

nixos-unstable 0-unstable-2024-11-23
- nixpkgs-unstable 0-unstable-2024-11-23
- nixos-unstable-small 0-unstable-2024-11-23

pkgs.vimPlugins.nvim-treesitter-parsers.nasm