CVE-2025-8224

A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
gnubinutils
2.44
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
binutils
bullseye
unimportant
bookworm
unimportant
trixie
2.44-3
fixed
forky
2.45-6
fixed
sid
2.45-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
binutils
plucky
needs-triage
noble
needs-triage
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
not-affected
trusty
needs-triage
Common Weakness Enumeration
References
https://sourceware.org/bugzilla/attachment.cgi?id=15680
https://sourceware.org/bugzilla/show_bug.cgi?id=32109
https://sourceware.org/bugzilla/show_bug.cgi?id=32109#c2
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db856d41004301b3a56438efd957ef5cabb91530
https://vuldb.com/?ctiid.317812
https://vuldb.com/?id.317812
https://vuldb.com/?submit.621878
https://www.gnu.org/