CVE-2020-24978

CRITICAL

Nasm Netwide Assembler - Double Free

Title source: rule

Description

In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.

References (1)

[Exploit, Issue Tracking, Vendor Advisory] https://bugzilla.nasm.us/show_bug.cgi?id=3392712

Scores

CVSS v3 9.8

EPSS 0.0041

EPSS Percentile 61.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (1)

nasm/netwide_assembler

Timeline

Published Sep 04, 2020

Tracked Since Feb 18, 2026