CVE-2024-25260

CWE-476NULL Pointer DereferenceCWE-119Buffer Overflow9 documents8 sources
Severity
4.0MEDIUM
EPSS
0.0%
top 97.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elfutils Project Elfutils
Timeline
PublishedFeb 20
Latest updateMar 24

Description

elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.5 | Impact: 1.4

Affected Packages2 packages

Ubuntuelfutils< 0.186-1ubuntu0.1+1

🔴Vulnerability Details

4
OSV
elfutils vulnerabilities2025-03-24
CVEList
CVE-2024-25260: elfutils v02024-02-20
GHSA
GHSA-c5x5-p58w-fxgh: elfutils v02024-02-20
OSV
CVE-2024-25260: elfutils v02024-02-20

📋Vendor Advisories

4
Ubuntu
elfutils vulnerabilities2025-03-24
Red Hat
elfutils: global-buffer-overflow exists in the function ebl_machine_flag_name in eblmachineflagname.c2024-02-20
Microsoft
elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.2024-02-13
Debian
CVE-2024-25260: elfutils - elfutils v0.189 was discovered to contain a NULL pointer dereference via the han...2024