CVE-2025-1176

Severity: Low · CVSS 4.0: 2.3 · EPSS: 45.1%
Published Feb 11, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.

CVSS Details

Base Score: 2.3
Vector string: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: P
Scope: X

Threat Intelligence

EPSS Exploit Probability: 45.1% percentile
Exploit & Patch Status: Public Exploit Known, Patch Available

Weaknesses 2

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)
CWE-122

Affected Products 1

Vendor  Product   Version  Range
gnu     binutils  2.43     any

References 8

  • security.netapp.com https://security.netapp.com/advisory/ntap-20250411-0007/
  • sourceware.org https://sourceware.org/bugzilla/attachment.cgi?id=15913
    Exploit
  • sourceware.org https://sourceware.org/bugzilla/show_bug.cgi?id=32636
    Exploit, Issue Tracking, Patch
  • sourceware.org https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814
    Patch
  • vuldb.com https://vuldb.com/?ctiid.295079
    Permissions Required, Third Party Advisory
  • vuldb.com https://vuldb.com/?id.295079
    Permissions Required, Third Party Advisory
  • vuldb.com https://vuldb.com/?submit.495329
    Exploit, Third Party Advisory
  • gnu.org https://www.gnu.org/
    Product

Remediation

  • sourceware.org https://sourceware.org/bugzilla/show_bug.cgi?id=32636
    Exploit, Issue Tracking, Patch
  • sourceware.org https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f9978defb6fab0bd8583942d97c112b0932ac814
    Patch