Incorrect Access Control in GNU Binutils nm Tool
CVE-2024-57360

7.7HIGH

Key Information:

Vendor: GNU
Status: Binutils
Vendor: CVE Published:; 21 January 2025

Summary

The GNU Binutils nm tool, specifically versions 2.43 and later, is affected by a significant security vulnerability that stems from improper access control within its functionality. This issue can be exploited locally, particularly through the nm --without-symbol-version operation. Attackers leveraging this flaw may gain unauthorized access to sensitive data, compromising system integrity and security.

References

https://sourceware.org/bugzilla/show_bug.cgi?id=32467

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Jan 9, 2025