CVE-2025-8846: 
Linux Debian vulnerability analysis and mitigation

A stack buffer overflow vulnerability has been discovered in NASM (Netwide Assembler) version 2.17rc0, specifically affecting the parseline function within parser.c. The vulnerability was disclosed on August 11, 2025, and has been assigned CVE-2025-8846. The issue occurs when processing assembly language lines with unexpected formatting or content, where stack-allocated parsing buffers are accessed beyond their boundaries (NIST NVD, [Bugzilla Report](https://bugzilla.nasm.us/showbug.cgi?id=3392938)).

The vulnerability is located in the parse_line function at line 1296 of parser.c. When processing malformed assembly syntax, the function performs a READ operation of size 8 bytes beyond the allocated stack buffer boundary, leading to stack corruption. The vulnerability has received a CVSS v4.0 score of 4.8 (Medium) with the vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P, and a CVSS v3.1 score of 5.3 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L (NIST NVD).

The buffer overflow vulnerability can lead to stack corruption and unpredictable program behavior. It potentially allows reading from adjacent stack memory, which could expose sensitive data or cause program crashes. The attack requires local access to be executed (Bugzilla Report).

As of the disclosure date, there is no official patch available for this vulnerability. Users are advised to monitor the NASM project for security updates. The vulnerability can be detected using AddressSanitizer during compilation (Bugzilla Report).