CVE-2025-1151

CWE-401 — Memory Leak CWE-404 CWE-772 CWE-787 — Out-of-bounds Write8 documents7 sources

Severity

2.3LOW

EPSS

0.0%

top 85.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedFeb 10

Latest updateFeb 11

Description

A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory leak. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit …

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶Debianbinutils< 2.45-3

▶CVEListV5gnu/binutils2.43

▶NVDgnu/binutils2.43

🔴Vulnerability Details

GHSA

GHSA-48g3-p48m-mx96: A vulnerability was found in GNU Binutils 2↗2025-02-10

▶

CVEList

GNU Binutils ld xmemdup.c xmemdup memory leak↗2025-02-10

▶

OSV

CVE-2025-1151: A vulnerability was found in GNU Binutils 2↗2025-02-10

▶

📋Vendor Advisories

Microsoft

GNU Binutils ld xmemdup.c xmemdup memory leak↗2025-02-11

▶

Red Hat

binutils: GNU Binutils ld xmemdup.c xmemdup memory leak↗2025-02-10

▶

Debian

CVE-2025-1151: binutils - A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic...↗2025

▶

Microsoft

Kernel: stack overflow problem in open vswitch kernel module leading to dos↗2024-02-13

▶