PT-2025-6044 · Gnu+4 · Gnu Binutils+4

Wenjusun · Published 2025-01-14 · Updated 2026-04-20 · CVE-2025-1147

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GNU Binutils version 2.43

Description

A problem has been found in the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.

Recommendations

For GNU Binutils version 2.43, as a temporary workaround, consider restricting access to the function __sanitizer::internal_strlen until a patch is available. Additionally, be cautious when using the const argument to minimize the risk of buffer overflow exploitation.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related identifiers

AZL-56603
AZL-56640
BDU:2026-02736
CVE-2025-1147
ECHO-26E5-773A-F5F8
OPENSUSE-SU-2025:15651-1
OPENSUSE-SU-2025:20150-1
SUSE-SU-2025:21195-1
SUSE-SU-2025:21197-1
SUSE-SU-2025:4096-1
USN-7847-1

Affected products

Debian
Gnu Binutils
Linuxmint
Suse
Ubuntu