Memory Corruption Vulnerability in GNU Binutils by GNU
CVE-2025-1153

2.3LOW

Key Information:

Vendor: Gnu
Status: Binutils
Vendor: CVE Published:; 10 February 2025

What is CVE-2025-1153?

A memory corruption vulnerability was discovered in GNU Binutils versions 2.43 and 2.44, specifically within the bfd_set_format function in file format.c. This flaw can be exploited remotely, although achieving successful exploitation requires a high level of sophistication. Users are strongly advised to upgrade to version 2.45 to mitigate the risk associated with this vulnerability. The patch addressing this issue is associated with identifier 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150.

Affected Version(s)

Binutils 2.43

Binutils 2.44

References

https://vuldb.com/?id.295057

vdb-entrytechnical-description

https://vuldb.com/?ctiid.295057

signaturepermissions-required

https://vuldb.com/?submit.489991

third-party-advisory

CVSS V4

Score:

2.3

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2025
Vulnerability Reserved
Feb 10, 2025

Credit

wenjusun (VulDB User)

Gnu

What is CVE-2025-1153?

Affected Version(s)

References

CVSS V4

Timeline

Credit