CVE-2025-8843
Publication date 11 August 2025
Last updated 19 June 2026
Ubuntu priority
Description
A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Why is this CVE low priority?
localhost access is needed
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| nasm | 26.04 LTS resolute |
Needs evaluation
|
| 25.10 questing |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial | Ignored end of ESM support, was needs-triage |
Severity score breakdown
CVSS version:
Base score
4.8 · Medium
Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Base score
5.3 · Medium
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2025-8843
- https://bugzilla.nasm.us/show_bug.cgi?id=3392934
- https://drive.google.com/file/d/1JRHWdjW6FGHDV0CMJe8VinmCQ4vP9ZpR/view?usp=drive_link
- https://vuldb.com/?ctiid.319377
- https://vuldb.com/?id.319377
- https://vuldb.com/?submit.623185
- https://vuldb.com/?submit.623186