SB2025040818 - Multiple vulnerabilities in GNU Binutils
Published: April 8, 2025 Updated: August 22, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2025-1153)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the bfd_set_format() function in format.c. A local user can trigger memory corruption and execute arbitrary code on the target system.
2) Buffer overflow (CVE-ID: CVE-2025-5244)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the elf_gc_sweep() function in bfd/elflink.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
3) Buffer overflow (CVE-ID: CVE-2025-5245)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the debug_type_samep() function in /binutils/debug.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
4) NULL pointer dereference (CVE-ID: CVE-2025-8224)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bfd_elf_get_str_section() function in bfd/elf.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://security.netapp.com/advisory/ntap-20250404-0005/
- https://sourceware.org/bugzilla/show_bug.cgi?id=32603
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150
- https://vuldb.com/?ctiid.295057
- https://sourceware.org/bugzilla/attachment.cgi?id=16010
- https://sourceware.org/bugzilla/show_bug.cgi?id=32858
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5
- https://vuldb.com/?ctiid.310346
- https://vuldb.com/?id.310346
- https://vuldb.com/?submit.584634
- https://sourceware.org/bugzilla/attachment.cgi?id=16004
- https://sourceware.org/bugzilla/show_bug.cgi?id=32829
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a
- https://vuldb.com/?ctiid.310347
- https://vuldb.com/?id.310347
- https://vuldb.com/?submit.584635
- https://sourceware.org/bugzilla/attachment.cgi?id=15680
- https://sourceware.org/bugzilla/show_bug.cgi?id=32109
- https://sourceware.org/bugzilla/show_bug.cgi?id=32109#c2
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db856d41004301b3a56438efd957ef5cabb91530
- https://vuldb.com/?ctiid.317812
- https://vuldb.com/?id.317812
- https://vuldb.com/?submit.621878