A heap buffer overflow in NASM could allow an attacker to execute arbitrary code or cause a crash by providing a specially crafted input file.

This vulnerability resides in the obj_directive() function, which fails to correctly validate input boundaries, leading to a heap buffer overflow when processing malicious assembler directives.

Exploitation of this heap buffer overflow can result in arbitrary code execution, potentially allowing an attacker to compromise the development or build environment. With a CVSS score of 7.5, this vulnerability is considered a high-risk issue, as it could facilitate the injection of malicious code into compiled binaries, impacting the entire software supply chain.

Immediate Action: Apply the latest security updates provided by the NASM project to patch the buffer overflow vulnerability.

Proactive Monitoring: Review build pipeline logs for unexpected crashes or errors during the assembly process which may indicate exploitation attempts.

Compensating Controls: Run the assembler in an isolated, sandboxed environment with restricted network and file system access to limit the impact of a potential compromise.

Public Exploit Available: false

Security and development teams should prioritize updating their NASM installations. Failure to patch may expose development environments to malicious code execution, which could have downstream effects on all software projects utilizing the vulnerable assembler.