CVE-2025-1153 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-366 — Race Condition within a Thread12 documents7 sources

Severity

2.3LOWNVD

EPSS

0.1%

top 75.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedFeb 10

Latest updateDec 1

Description

A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. Affected by this vulnerability is the function bfd_set_format of the file format.c. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 2.45 is able to address this issue. The identifier of the patch is 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. It is recommended to upgrade the affect…

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages4 packages

▶Debiangnu/binutils< 2.45-3

▶Ubuntugnu/binutils< 2.34-6ubuntu1.11+2

▶CVEListV5gnu/binutils2.43, 2.44+1

▶NVDgnu/binutils2.43, 2.44+1

Patches

Patch: sourceware.org ↗

🔴Vulnerability Details

OSV

binutils vulnerabilities↗2025-04-29

▶

OSV

binutils vulnerabilities↗2025-04-07

▶

GHSA

GHSA-3frg-24qp-xxv2: A vulnerability classified as problematic was found in GNU Binutils 2↗2025-02-10

▶

OSV

CVE-2025-1153: A vulnerability classified as problematic was found in GNU Binutils 2↗2025-02-10

▶

CVEList

GNU Binutils format.c bfd_set_format memory corruption↗2025-02-10

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2025-12-01

▶

Ubuntu

GNU binutils vulnerabilities↗2025-04-29

▶

Ubuntu

GNU binutils vulnerabilities↗2025-04-07

▶

Red Hat

binutils: GNU Binutils format.c bfd_set_format memory corruption↗2025-02-10

▶

Debian

CVE-2025-1153: binutils - A vulnerability classified as problematic was found in GNU Binutils 2.43/2.44. A...↗2025

▶