CVE-2025-5244

A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
5.3 MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
gnubinutils
𝑥
< 2.45
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
binutils
questing
not-affected
plucky
Fixed 2.44-3ubuntu1.1
released
oracular
ignored
noble
Fixed 2.42-4ubuntu2.6
released
jammy
Fixed 2.38-4ubuntu2.10
released
focal
Fixed 2.34-6ubuntu1.11+esm1
released
bionic
Fixed 2.30-21ubuntu1~18.04.9+esm5
released
xenial
Fixed 2.26.1-1ubuntu1~16.04.8+esm13
released
trusty
Fixed 2.24-5ubuntu14.2+esm7
released
Common Weakness Enumeration
References
https://sourceware.org/bugzilla/attachment.cgi?id=16010
https://sourceware.org/bugzilla/show_bug.cgi?id=32858
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5
https://vuldb.com/?ctiid.310346
https://vuldb.com/?id.310346
https://vuldb.com/?submit.584634
https://www.gnu.org/