PT-2025-6044 · Gnu+4 · Gnu Binutils+4

Wenjusun · Published 2025-01-14 · Updated 2026-04-20 · CVE-2025-1147

CVSS v3.1: 5.3 Medium

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GNU Binutils version 2.43

Description

A problem has been found in the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.

Recommendations

For GNU Binutils version 2.43, as a temporary workaround, consider restricting access to the function __sanitizer::internal_strlen until a patch is available. Additionally, be cautious when using the const argument to minimize the risk of buffer overflow exploitation.

Exploit

Fix

Buffer Overflow

Weakness Enumeration

Related Identifiers

AZL-56603
AZL-56640
BDU:2026-02736
CVE-2025-1147
ECHO-26E5-773A-F5F8
OPENSUSE-SU-2025:15651-1
OPENSUSE-SU-2025:20150-1
SUSE-SU-2025:21195-1
SUSE-SU-2025:21197-1
SUSE-SU-2025:4096-1
USN-7847-1

Affected Products

Debian
Gnu Binutils
Linuxmint
Suse
Ubuntu