CVE-2025-1372Improper Restriction of Operations within the Bounds of a Memory Buffer in Elfutils

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer OverflowCWE-918Server-Side Request Forgery9 documents9 sources
Severity
4.8MEDIUMNVD
EPSS
0.0%
top 87.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU ElfutilsElfutils Project Elfutils
Timeline
PublishedFeb 17
Latest updateDec 2

Description

A vulnerability was found in GNU elfutils 0.192. It has been declared as critical. Affected by this vulnerability is the function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf. The manipulation of the argument z/x leads to buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 73db9d2021cab9e23fd734b0a76a612d52a6f1db. It is recommended to apply a patch to fix

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5gnu/elfutils0.192

🔴Vulnerability Details

4
GHSA
Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host2025-12-02
GHSA
GHSA-r49j-8ffh-3gvm: A vulnerability was found in GNU elfutils 02025-02-17
CVEList
GNU elfutils eu-readelf readelf.c print_string_section buffer overflow2025-02-17
OSV
CVE-2025-1372: A vulnerability was found in GNU elfutils 02025-02-17

📋Vendor Advisories

4
Ubuntu
elfutils vulnerabilities2025-03-24
Red Hat
elfutils: GNU elfutils eu-readelf readelf.c print_string_section buffer overflow2025-02-17
Microsoft
GNU elfutils eu-readelf readelf.c print_string_section buffer overflow2025-02-11
Debian
CVE-2025-1372: elfutils - A vulnerability was found in GNU elfutils 0.192. It has been declared as critica...2025
CVE-2025-1372 — GNU Elfutils vulnerability | cvebase