PT-2025-6070 · Gnu+2 · Gnu Binutils+2

孙文举 · Published 2025-02-10 · Updated 2025-12-12 · CVE-2025-1150

CVSS v3.1: 3.1 (Low)

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

GNU Binutils version 2.43

Description

A memory leak vulnerability has been found in GNU Binutils, affecting the bfd_malloc function in the libbfd.c file of the ld component. Triggering this vulnerability can lead to a memory leak. The attack can be initiated remotely, but its complexity is rather high and exploitation appears to be difficult. The code maintainer has stated that the reported leaks have been fixed in the binutils master branch.

Recommendations

For GNU Binutils version 2.43, apply a patch to fix this issue. As a temporary workaround, consider restricting the use of the bfd_malloc function in the libbfd.c file until a patch is available.

Exploit

Fix

Improper Resource Release

Memory Leak


Weakness Enumeration

Related Identifiers

AZL-56693
AZL-56719
AZL-56773
AZL-56780
CVE-2025-1150
ECHO-09F7-E6DB-15D0
OPENSUSE-SU-2025:15651-1
OPENSUSE-SU-2025:20150-1
SUSE-SU-2025:21195-1
SUSE-SU-2025:21197-1
SUSE-SU-2025:4096-1

Affected Products

Debian
Gnu Binutils
Suse