Denial of Service Vulnerability in GNU elfutils Product by GNU
CVE-2025-1377

4.8MEDIUM

Key Information:

Vendor
Gnu
Status
Elfutils
Vendor
CVE Published:
17 February 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A denial of service vulnerability has been identified in GNU elfutils version 0.192, specifically affecting the gelf_getsymshndx function within the eu-strip component's strip.c file. This vulnerability allows local attackers to manipulate the function to cause a denial of service, potentially disrupting user access or application functionality. The issue has been publicly disclosed, and it is crucial for users to apply the recommended patch (fbf1df9ca286de3323ae541973b08449f8d03aba) to mitigate any risks. Proper action should be undertaken to safeguard systems from potential exploitation.

Affected Version(s)

elfutils 0.192

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-1377 - Proof of Concept

References

https://vuldb.com/?id.295985
vdb-entrytechnical-description
https://vuldb.com/?ctiid.295985
signaturepermissions-required
https://vuldb.com/?submit.497539
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

wenjusun (VulDB User)
.