CVE-2025-1352Improper Restriction of Operations within the Bounds of a Memory Buffer in Elfutils

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources
Severity
2.3LOWNVD
EPSS
0.1%
top 68.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU ElfutilsElfutils Project Elfutils
Timeline
PublishedFeb 16

Description

A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab2

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5gnu/elfutils0.192

🔴Vulnerability Details

3
OSV
CVE-2025-1352: A vulnerability has been found in GNU elfutils 02025-02-16
GHSA
GHSA-25fr-9mxc-qjvr: A vulnerability has been found in GNU elfutils 02025-02-16
CVEList
GNU elfutils eu-readelf libdw_alloc.c __libdw_thread_tail memory corruption2025-02-16

📋Vendor Advisories

3
Red Hat
elfutils: GNU elfutils eu-readelf libdw_alloc.c __libdw_thread_tail memory corruption2025-02-16
Microsoft
GNU elfutils eu-readelf libdw_alloc.c __libdw_thread_tail memory corruption2025-02-11
Debian
CVE-2025-1352: elfutils - A vulnerability has been found in GNU elfutils 0.192 and classified as critical....2025
CVE-2025-1352 — GNU Elfutils vulnerability | cvebase