CVE-2025-1147

EUVD-2025-2022

10.02.2025, 14:15

A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.1 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 20%

Affected Products (NVD)

Vendor	Product	Version
gnu	binutils	2.43

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

binutils

bookworm	unimportant
bullseye	unimportant
forky	2.46-3 fixed
sid	2.46-3 fixed
trixie	unimportant

openSUSE / SLES Releases

openSUSE Product

Release

binutils

suse enterprise desktop 15 SP6	2.45-150100.7.57.1 fixed
suse enterprise desktop 15 SP7	2.45-150100.7.57.1 fixed
suse enterprise sap 15 SP6	2.45-150100.7.57.1 fixed
suse enterprise sap 15 SP7	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP2	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP3	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP4	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP5	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP6	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP7	2.45-150100.7.57.1 fixed

binutils-devel

suse enterprise desktop 15 SP6	2.45-150100.7.57.1 fixed
suse enterprise desktop 15 SP7	2.45-150100.7.57.1 fixed
suse enterprise sap 15 SP6	2.45-150100.7.57.1 fixed
suse enterprise sap 15 SP7	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP2	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP3	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP4	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP5	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP6	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP7	2.45-150100.7.57.1 fixed

binutils-devel-32bit

suse enterprise desktop 15 SP6	2.45-150100.7.57.1 fixed
suse enterprise desktop 15 SP7	2.45-150100.7.57.1 fixed
suse enterprise sap 15 SP6	2.45-150100.7.57.1 fixed
suse enterprise sap 15 SP7	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP2	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP3	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP4	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP5	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP6	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP7	2.45-150100.7.57.1 fixed

libctf-nobfd0

suse enterprise desktop 15 SP6	2.45-150100.7.57.1 fixed
suse enterprise desktop 15 SP7	2.45-150100.7.57.1 fixed
suse enterprise sap 15 SP6	2.45-150100.7.57.1 fixed
suse enterprise sap 15 SP7	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP2	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP3	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP4	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP5	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP6	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP7	2.45-150100.7.57.1 fixed

libctf0

suse enterprise desktop 15 SP6	2.45-150100.7.57.1 fixed
suse enterprise desktop 15 SP7	2.45-150100.7.57.1 fixed
suse enterprise sap 15 SP6	2.45-150100.7.57.1 fixed
suse enterprise sap 15 SP7	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP2	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP3	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP4	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP5	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP6	2.45-150100.7.57.1 fixed
suse enterprise server 15 SP7	2.45-150100.7.57.1 fixed

libucm-devel

suse enterprise desktop 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise desktop 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise sap 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise sap 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise server 15 SP2	1.6.0-150200.3.2.1 fixed
suse enterprise server 15 SP3	1.9.0-150300.4.2.5 fixed
suse enterprise server 15 SP4	1.11.1-150400.4.2.1 fixed
suse enterprise server 15 SP5	1.13.1-150500.4.2.5 fixed
suse enterprise server 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise server 15 SP7	1.17.0-150700.4.2.7 fixed

libucm0

suse enterprise desktop 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise desktop 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise sap 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise sap 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise server 15 SP2	1.6.0-150200.3.2.1 fixed
suse enterprise server 15 SP3	1.9.0-150300.4.2.5 fixed
suse enterprise server 15 SP4	1.11.1-150400.4.2.1 fixed
suse enterprise server 15 SP5	1.13.1-150500.4.2.5 fixed
suse enterprise server 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise server 15 SP7	1.17.0-150700.4.2.7 fixed

libucp-devel

suse enterprise desktop 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise desktop 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise sap 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise sap 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise server 15 SP2	1.6.0-150200.3.2.1 fixed
suse enterprise server 15 SP3	1.9.0-150300.4.2.5 fixed
suse enterprise server 15 SP4	1.11.1-150400.4.2.1 fixed
suse enterprise server 15 SP5	1.13.1-150500.4.2.5 fixed
suse enterprise server 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise server 15 SP7	1.17.0-150700.4.2.7 fixed

libucp0

suse enterprise desktop 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise desktop 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise sap 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise sap 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise server 15 SP2	1.6.0-150200.3.2.1 fixed
suse enterprise server 15 SP3	1.9.0-150300.4.2.5 fixed
suse enterprise server 15 SP4	1.11.1-150400.4.2.1 fixed
suse enterprise server 15 SP5	1.13.1-150500.4.2.5 fixed
suse enterprise server 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise server 15 SP7	1.17.0-150700.4.2.7 fixed

libucs-devel

suse enterprise desktop 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise desktop 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise sap 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise sap 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise server 15 SP2	1.6.0-150200.3.2.1 fixed
suse enterprise server 15 SP3	1.9.0-150300.4.2.5 fixed
suse enterprise server 15 SP4	1.11.1-150400.4.2.1 fixed
suse enterprise server 15 SP5	1.13.1-150500.4.2.5 fixed
suse enterprise server 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise server 15 SP7	1.17.0-150700.4.2.7 fixed

libucs0

suse enterprise desktop 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise desktop 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise sap 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise sap 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise server 15 SP2	1.6.0-150200.3.2.1 fixed
suse enterprise server 15 SP3	1.9.0-150300.4.2.5 fixed
suse enterprise server 15 SP4	1.11.1-150400.4.2.1 fixed
suse enterprise server 15 SP5	1.13.1-150500.4.2.5 fixed
suse enterprise server 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise server 15 SP7	1.17.0-150700.4.2.7 fixed

libuct-devel

suse enterprise desktop 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise desktop 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise sap 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise sap 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise server 15 SP2	1.6.0-150200.3.2.1 fixed
suse enterprise server 15 SP3	1.9.0-150300.4.2.5 fixed
suse enterprise server 15 SP4	1.11.1-150400.4.2.1 fixed
suse enterprise server 15 SP5	1.13.1-150500.4.2.5 fixed
suse enterprise server 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise server 15 SP7	1.17.0-150700.4.2.7 fixed

libuct0

suse enterprise desktop 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise desktop 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise sap 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise sap 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise server 15 SP2	1.6.0-150200.3.2.1 fixed
suse enterprise server 15 SP3	1.9.0-150300.4.2.5 fixed
suse enterprise server 15 SP4	1.11.1-150400.4.2.1 fixed
suse enterprise server 15 SP5	1.13.1-150500.4.2.5 fixed
suse enterprise server 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise server 15 SP7	1.17.0-150700.4.2.7 fixed

openucx-tools

suse enterprise desktop 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise desktop 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise sap 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise sap 15 SP7	1.17.0-150700.4.2.7 fixed
suse enterprise server 15 SP2	1.6.0-150200.3.2.1 fixed
suse enterprise server 15 SP3	1.9.0-150300.4.2.5 fixed
suse enterprise server 15 SP4	1.11.1-150400.4.2.1 fixed
suse enterprise server 15 SP5	1.13.1-150500.4.2.5 fixed
suse enterprise server 15 SP6	1.15.0-150600.3.5.2 fixed
suse enterprise server 15 SP7	1.17.0-150700.4.2.7 fixed

perf

suse enterprise server 15 SP2	5.3.18-150200.25.11.1 fixed
suse enterprise server 15 SP3	5.3.18-150300.38.7.1 fixed
suse enterprise server 15 SP4	5.14.21-150400.44.20.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.52.5.1 fixed

perf-devel

suse enterprise server 15 SP4	5.14.21-150400.44.20.1 fixed
suse enterprise server 15 SP5	5.14.21-150500.52.5.1 fixed

Known Exploits!

Common Weakness Enumeration

References

https://sourceware.org/bugzilla/attachment.cgi?id=15881

https://sourceware.org/bugzilla/show_bug.cgi?id=32556

https://vuldb.com/?ctiid.295051

https://vuldb.com/?id.295051

https://vuldb.com/?submit.485254

https://www.gnu.org/

https://security.netapp.com/advisory/ntap-20250404-0003/