CVE-2025-1371

17.02.2025, 03:15

A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.3 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDB	CNA	3.3 LOW				CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 16%

Vendor	Product	Version
elfutils_project	elfutils	0.192

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://sourceware.org/bugzilla/attachment.cgi?id=15926

https://sourceware.org/bugzilla/show_bug.cgi?id=32655

https://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2

https://vuldb.com/?ctiid.295978

https://vuldb.com/?id.295978

https://vuldb.com/?submit.496484

https://www.gnu.org/

https://sourceware.org/bugzilla/show_bug.cgi?id=32655