CVE-2025-1182Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents9 sources
Severity
2.3LOWNVD
EPSS
0.1%
top 71.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Binutils
Timeline
PublishedFeb 11
Latest updateDec 1

Description

A vulnerability, which was classified as critical, was found in GNU Binutils 2.43. Affected is the function bfd_elf_reloc_symbol_deleted_p of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The patch is identified as b425859021d17adf62f06fb904797cf8642986ad. It i

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages4 packages

Debiangnu/binutils< 2.45-3
Ubuntugnu/binutils< 2.34-6ubuntu1.11+2
CVEListV5gnu/binutils2.43
NVDgnu/binutils2.43

🔴Vulnerability Details

4
OSV
binutils vulnerabilities2025-04-07
CVEList
GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption2025-02-11
GHSA
GHSA-86cq-pffv-q5h2: A vulnerability, which was classified as critical, was found in GNU Binutils 22025-02-11
OSV
CVE-2025-1182: A vulnerability, which was classified as critical, was found in GNU Binutils 22025-02-11

📋Vendor Advisories

6
Ubuntu
GNU binutils vulnerabilities2025-12-01
Ubuntu
GNU binutils vulnerabilities2025-10-29
Ubuntu
GNU binutils vulnerabilities2025-04-07
Microsoft
GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption2025-02-11
Red Hat
binutils: GNU Binutils ld elflink.c bfd_elf_reloc_symbol_deleted_p memory corruption2025-02-11
CVE-2025-1182 — GNU Binutils vulnerability | cvebase