PT-2025-6077 · Gnu+2 · Gnu Binutils+2

孙文举

Published

2025-02-10

Updated

2025-12-12

CVE-2025-1152

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.43

Description A memory leak issue has been found in the xstrdup function of the ld component. This issue can be exploited remotely, but the complexity of an attack is rather high, and the exploitability is difficult. The exploit has been disclosed to the public. The code maintainer has fixed all reported leaks in the binutils master branch.

Recommendations For GNU Binutils version 2.43, it is recommended to apply a patch to fix this issue. As a temporary workaround, consider restricting the use of the xstrdup function in the ld component until a patch is available.

Exploit

Fix

Improper Resource Release

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404CWE-401

Related Identifiers

AZL-56567

AZL-56573

AZL-56582

AZL-56597

AZL-56621

AZL-56624

AZL-56643

AZL-56645

AZL-56658

CVE-2025-1152

ECHO-CB40-96F7-51CC

OPENSUSE-SU-2025:15651-1

OPENSUSE-SU-2025:20150-1

SUSE-SU-2025:21195-1

SUSE-SU-2025:21197-1

SUSE-SU-2025:4096-1

Affected Products

Debian

Gnu Binutils

Suse

PT-2025-6077 · Gnu+2 · Gnu Binutils+2

CVE-2025-1152

Weakness Enumeration

Related Identifiers

Affected Products

References · 91