PT-2025-6049 · Gnu+2 · Gnu Binutils+2

孙文举

Published

2025-02-10

Updated

2025-12-12

CVE-2025-1149

CVSS v3.1

3.1

Low

Vector

AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.43

Description A memory leak vulnerability has been found in the ld component of GNU Binutils, specifically affecting the xstrdup function in the libiberty/xmalloc.c file. This issue can be exploited remotely, with a relatively high complexity of attack. The exploitability is considered difficult. The vulnerability allows for a memory leak, which can be initiated remotely.

Recommendations To fix this issue, it is recommended to apply a patch. The code maintainer has fixed all reported leaks in the binutils master branch, but has not committed these fixes to the 2.44 branch due to concerns about destabilizing ld. As a temporary workaround, consider restricting the use of the xstrdup function in the affected ld component until a patch is available.

Exploit

Fix

Improper Resource Release

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-401

Related Identifiers

AZL-56576

AZL-56591

AZL-56594

AZL-56600

AZL-56615

AZL-56627

AZL-56633

AZL-56636

AZL-56682

CVE-2025-1149

ECHO-F0B7-359E-4A49

OPENSUSE-SU-2025:15651-1

OPENSUSE-SU-2025:20150-1

SUSE-SU-2025:21195-1

SUSE-SU-2025:21197-1

SUSE-SU-2025:4096-1

Affected Products

Debian

Gnu Binutils

Suse

PT-2025-6049 · Gnu+2 · Gnu Binutils+2

CVE-2025-1149

Weakness Enumeration

Related Identifiers

Affected Products

References · 93