CVE-2025-1147 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120 — Classic Buffer Overflow11 documents9 sources

Severity

2.3LOWNVD

EPSS

0.1%

top 79.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedFeb 10

Latest updateOct 29

Description

A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶Debiangnu/binutils< 2.45-3

▶CVEListV5gnu/binutils2.43

▶NVDgnu/binutils2.43

🔴Vulnerability Details

OSV

binutils vulnerabilities↗2025-10-29

▶

CVEList

GNU Binutils nm nm.c internal_strlen buffer overflow↗2025-02-10

▶

GHSA

GHSA-73x9-xqqp-w963: A vulnerability has been found in GNU Binutils 2↗2025-02-10

▶

OSV

CVE-2025-1147: A vulnerability has been found in GNU Binutils 2↗2025-02-10

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2025-10-29

▶

Microsoft

GNU Binutils nm nm.c internal_strlen buffer overflow↗2025-02-11

▶

Red Hat

binutils: GNU Binutils nm nm.c internal_strlen buffer overflow↗2025-02-10

▶

Debian

CVE-2025-1147: binutils - A vulnerability has been found in GNU Binutils 2.43 and classified as problemati...↗2025

▶