Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1g5m-abq3-kfca
Vulnerability ID VCID-1g5m-abq3-kfca
Aliases CVE-2020-24978
Summary In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed in commit 8806c3ca007b84accac21dd88b900fb03614ceb7.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24978.json
epss 0.00413 https://api.first.org/data/v1/epss?cve=CVE-2020-24978
epss 0.00413 https://api.first.org/data/v1/epss?cve=CVE-2020-24978
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24978.json
https://api.first.org/data/v1/epss?cve=CVE-2020-24978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24978
1877786 https://bugzilla.redhat.com/show_bug.cgi?id=1877786
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24978.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.61854
EPSS Score 0.00413
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:03:23.623771+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0