CVE-2025-5245

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
5.3 MEDIUM
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
gnubinutils
𝑥
< 2.45
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
binutils
questing
not-affected
plucky
Fixed 2.44-3ubuntu1.1
released
oracular
ignored
noble
Fixed 2.42-4ubuntu2.6
released
jammy
Fixed 2.38-4ubuntu2.10
released
focal
Fixed 2.34-6ubuntu1.11+esm1
released
bionic
Fixed 2.30-21ubuntu1~18.04.9+esm5
released
xenial
Fixed 2.26.1-1ubuntu1~16.04.8+esm13
released
trusty
Fixed 2.24-5ubuntu14.2+esm7
released
Common Weakness Enumeration
References
https://sourceware.org/bugzilla/attachment.cgi?id=16004
https://sourceware.org/bugzilla/show_bug.cgi?id=32829
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6c3458a8b7ee7d39f070c7b2350851cb2110c65a
https://vuldb.com/?ctiid.310347
https://vuldb.com/?id.310347
https://vuldb.com/?submit.584635
https://www.gnu.org/