PT-2025-6050 · Gnu · Gnu Binutils
Wenjusun
Published: 2025-02-05 · Updated: 2026-04-20
CVE-2025-1178
CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
GNU Binutils version 2.43
Description
A vulnerability was found in GNU Binutils, affecting the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely, but the complexity of an attack is rather high and the exploitation appears to be difficult.
Recommendations
To fix this issue, it is recommended to apply a patch, specifically the one with the identifier 75086e9de1707281172cc77f178e7949a4414ed0.
As a temporary workaround, consider disabling the bfd_putl64 function until a patch is available.
Restrict access to the libbfd.c component to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Affected Products
Astra Linux
Debian
Gnu Binutils
Linuxmint
Suse
Ubuntu