CVE-2025-1377Improper Resource Shutdown or Release in Elfutils

CWE-404Improper Resource Shutdown or Release8 documents8 sources
Severity
4.8MEDIUMNVD
EPSS
0.0%
top 98.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU ElfutilsElfutils Project Elfutils
Timeline
PublishedFeb 17
Latest updateMar 24

Description

A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5gnu/elfutils0.192

🔴Vulnerability Details

3
OSV
CVE-2025-1377: A vulnerability, which was classified as problematic, has been found in GNU elfutils 02025-02-17
CVEList
GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service2025-02-17
GHSA
GHSA-grvw-8777-fhq7: A vulnerability, which was classified as problematic, has been found in GNU elfutils 02025-02-17

📋Vendor Advisories

4
Ubuntu
elfutils vulnerabilities2025-03-24
Red Hat
elfutils: GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service2025-02-17
Microsoft
GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service2025-02-11
Debian
CVE-2025-1377: elfutils - A vulnerability, which was classified as problematic, has been found in GNU elfu...2025
CVE-2025-1377 — Improper Resource Shutdown or Release | cvebase