CVE-2025-8224

27.07.2025, 06:15

A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	3.3 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDB	CNA	3.3 LOW				CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Debian Releases

Debian Product

Codename

binutils

bullseye	unimportant
bookworm	unimportant
trixie	unimportant
sid	unimportant

Common Weakness Enumeration

CWE-404 - Improper Resource Shutdown or Release
The program does not release or incorrectly releases a resource before it is made available for re-use.

References

https://sourceware.org/bugzilla/attachment.cgi?id=15680

https://sourceware.org/bugzilla/show_bug.cgi?id=32109

https://sourceware.org/bugzilla/show_bug.cgi?id=32109#c2

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db856d41004301b3a56438efd957ef5cabb91530

https://vuldb.com/?ctiid.317812

https://vuldb.com/?id.317812

https://vuldb.com/?submit.621878

https://www.gnu.org/