PT-2025-6049 · Gnu+2 · Gnu Binutils+2
孙文举
·
Publicado
2025-02-10
·
Atualizado
2025-12-12
·
CVE-2025-1149
CVSS v3.1
3.1
Baixa
| Vetor | AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
GNU Binutils version 2.43
Description
A memory leak vulnerability has been found in the ld component of GNU Binutils, specifically affecting the
xstrdup function in the libiberty/xmalloc.c file. This issue can be exploited remotely, with a relatively high complexity of attack. The exploitability is considered difficult. The vulnerability allows for a memory leak, which can be initiated remotely.Recommendations
To fix this issue, it is recommended to apply a patch. The code maintainer has fixed all reported leaks in the binutils master branch, but has not committed these fixes to the 2.44 branch due to concerns about destabilizing ld. As a temporary workaround, consider restricting the use of the
xstrdup function in the affected ld component until a patch is available.Exploit
Correção
Improper Resource Release
Memory Leak
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Debian
Gnu Binutils
Suse