CVE-2025-1152

EUVD-2025-2027
A vulnerability classified as problematic has been found in GNU Binutils 2.43. Affected is the function xstrdup of the file xstrdup.c of the component ld. The manipulation leads to memory leak. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.1 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
Affected Products (NVD)
VendorProductVersion
gnubinutils
2.43
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
binutils
bookworm
unimportant
bullseye
unimportant
forky
2.46-3
fixed
sid
2.46-3
fixed
trixie
unimportant
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
binutils
suse enterprise desktop 15 SP6
2.45-150100.7.57.1
fixed
suse enterprise desktop 15 SP7
2.45-150100.7.57.1
fixed
suse enterprise sap 15 SP6
2.45-150100.7.57.1
fixed
suse enterprise sap 15 SP7
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP2
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP3
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP4
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP5
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP6
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP7
2.45-150100.7.57.1
fixed
binutils-devel
suse enterprise desktop 15 SP6
2.45-150100.7.57.1
fixed
suse enterprise desktop 15 SP7
2.45-150100.7.57.1
fixed
suse enterprise sap 15 SP6
2.45-150100.7.57.1
fixed
suse enterprise sap 15 SP7
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP2
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP3
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP4
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP5
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP6
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP7
2.45-150100.7.57.1
fixed
binutils-devel-32bit
suse enterprise desktop 15 SP6
2.45-150100.7.57.1
fixed
suse enterprise desktop 15 SP7
2.45-150100.7.57.1
fixed
suse enterprise sap 15 SP6
2.45-150100.7.57.1
fixed
suse enterprise sap 15 SP7
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP2
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP3
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP4
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP5
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP6
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP7
2.45-150100.7.57.1
fixed
libctf-nobfd0
suse enterprise desktop 15 SP6
2.45-150100.7.57.1
fixed
suse enterprise desktop 15 SP7
2.45-150100.7.57.1
fixed
suse enterprise sap 15 SP6
2.45-150100.7.57.1
fixed
suse enterprise sap 15 SP7
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP2
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP3
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP4
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP5
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP6
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP7
2.45-150100.7.57.1
fixed
libctf0
suse enterprise desktop 15 SP6
2.45-150100.7.57.1
fixed
suse enterprise desktop 15 SP7
2.45-150100.7.57.1
fixed
suse enterprise sap 15 SP6
2.45-150100.7.57.1
fixed
suse enterprise sap 15 SP7
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP2
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP3
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP4
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP5
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP6
2.45-150100.7.57.1
fixed
suse enterprise server 15 SP7
2.45-150100.7.57.1
fixed
libucm-devel
suse enterprise desktop 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise desktop 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise sap 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise sap 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise server 15 SP2
1.6.0-150200.3.2.1
fixed
suse enterprise server 15 SP3
1.9.0-150300.4.2.5
fixed
suse enterprise server 15 SP4
1.11.1-150400.4.2.1
fixed
suse enterprise server 15 SP5
1.13.1-150500.4.2.5
fixed
suse enterprise server 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise server 15 SP7
1.17.0-150700.4.2.7
fixed
libucm0
suse enterprise desktop 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise desktop 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise sap 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise sap 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise server 15 SP2
1.6.0-150200.3.2.1
fixed
suse enterprise server 15 SP3
1.9.0-150300.4.2.5
fixed
suse enterprise server 15 SP4
1.11.1-150400.4.2.1
fixed
suse enterprise server 15 SP5
1.13.1-150500.4.2.5
fixed
suse enterprise server 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise server 15 SP7
1.17.0-150700.4.2.7
fixed
libucp-devel
suse enterprise desktop 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise desktop 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise sap 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise sap 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise server 15 SP2
1.6.0-150200.3.2.1
fixed
suse enterprise server 15 SP3
1.9.0-150300.4.2.5
fixed
suse enterprise server 15 SP4
1.11.1-150400.4.2.1
fixed
suse enterprise server 15 SP5
1.13.1-150500.4.2.5
fixed
suse enterprise server 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise server 15 SP7
1.17.0-150700.4.2.7
fixed
libucp0
suse enterprise desktop 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise desktop 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise sap 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise sap 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise server 15 SP2
1.6.0-150200.3.2.1
fixed
suse enterprise server 15 SP3
1.9.0-150300.4.2.5
fixed
suse enterprise server 15 SP4
1.11.1-150400.4.2.1
fixed
suse enterprise server 15 SP5
1.13.1-150500.4.2.5
fixed
suse enterprise server 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise server 15 SP7
1.17.0-150700.4.2.7
fixed
libucs-devel
suse enterprise desktop 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise desktop 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise sap 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise sap 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise server 15 SP2
1.6.0-150200.3.2.1
fixed
suse enterprise server 15 SP3
1.9.0-150300.4.2.5
fixed
suse enterprise server 15 SP4
1.11.1-150400.4.2.1
fixed
suse enterprise server 15 SP5
1.13.1-150500.4.2.5
fixed
suse enterprise server 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise server 15 SP7
1.17.0-150700.4.2.7
fixed
libucs0
suse enterprise desktop 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise desktop 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise sap 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise sap 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise server 15 SP2
1.6.0-150200.3.2.1
fixed
suse enterprise server 15 SP3
1.9.0-150300.4.2.5
fixed
suse enterprise server 15 SP4
1.11.1-150400.4.2.1
fixed
suse enterprise server 15 SP5
1.13.1-150500.4.2.5
fixed
suse enterprise server 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise server 15 SP7
1.17.0-150700.4.2.7
fixed
libuct-devel
suse enterprise desktop 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise desktop 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise sap 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise sap 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise server 15 SP2
1.6.0-150200.3.2.1
fixed
suse enterprise server 15 SP3
1.9.0-150300.4.2.5
fixed
suse enterprise server 15 SP4
1.11.1-150400.4.2.1
fixed
suse enterprise server 15 SP5
1.13.1-150500.4.2.5
fixed
suse enterprise server 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise server 15 SP7
1.17.0-150700.4.2.7
fixed
libuct0
suse enterprise desktop 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise desktop 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise sap 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise sap 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise server 15 SP2
1.6.0-150200.3.2.1
fixed
suse enterprise server 15 SP3
1.9.0-150300.4.2.5
fixed
suse enterprise server 15 SP4
1.11.1-150400.4.2.1
fixed
suse enterprise server 15 SP5
1.13.1-150500.4.2.5
fixed
suse enterprise server 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise server 15 SP7
1.17.0-150700.4.2.7
fixed
openucx-tools
suse enterprise desktop 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise desktop 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise sap 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise sap 15 SP7
1.17.0-150700.4.2.7
fixed
suse enterprise server 15 SP2
1.6.0-150200.3.2.1
fixed
suse enterprise server 15 SP3
1.9.0-150300.4.2.5
fixed
suse enterprise server 15 SP4
1.11.1-150400.4.2.1
fixed
suse enterprise server 15 SP5
1.13.1-150500.4.2.5
fixed
suse enterprise server 15 SP6
1.15.0-150600.3.5.2
fixed
suse enterprise server 15 SP7
1.17.0-150700.4.2.7
fixed
perf
suse enterprise server 15 SP2
5.3.18-150200.25.11.1
fixed
suse enterprise server 15 SP3
5.3.18-150300.38.7.1
fixed
suse enterprise server 15 SP4
5.14.21-150400.44.20.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.52.5.1
fixed
perf-devel
suse enterprise server 15 SP4
5.14.21-150400.44.20.1
fixed
suse enterprise server 15 SP5
5.14.21-150500.52.5.1
fixed
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://sourceware.org/bugzilla/attachment.cgi?id=15887
https://sourceware.org/bugzilla/show_bug.cgi?id=32576
https://vuldb.com/?ctiid.295056
https://vuldb.com/?id.295056
https://www.gnu.org/