CVE-2024-25260

Name of the Vulnerable Software and Affected Versions elfutils version 0.189

Description The issue is related to a NULL pointer dereference via the handle verdef() function at readelf.c in the elfutils utility for modifying and analyzing ELF binary files. This can potentially lead to a buffer overflow in memory. Exploitation of the issue may allow an attacker to cause a denial of service.

Recommendations For elfutils version 0.189, consider disabling the handle verdef() function as a temporary workaround until a patch is available. Restrict access to the readelf.c component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.