CVE-2025-1352

A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue.

CVSS v3 5.0 MEDIUM
CVSS v2.0 5.1 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://sourceware.org/bugzilla/attachment.cgi?id=15923	Broken Link
https://sourceware.org/bugzilla/show_bug.cgi?id=32650	Exploit Issue Tracking
https://sourceware.org/bugzilla/show_bug.cgi?id=32650#c2	Broken Link
https://vuldb.com/?ctiid.295960	Permissions Required VDB Entry
https://vuldb.com/?id.295960	Third Party Advisory VDB Entry
https://vuldb.com/?submit.495965	Third Party Advisory VDB Entry
https://www.gnu.org/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:elfutils_project:elfutils:0.192:*:*:*:*:*:*:*

History

03 Nov 2025, 20:34

Type	Values Removed	Values Added
CPE		cpe:2.3:a:elfutils_project:elfutils:0.192:::::::*
First Time		Elfutils Project elfutils Elfutils Project
Summary		(es) Se ha encontrado una vulnerabilidad en GNU elfutils 0.192 y se ha clasificado como crítica. Esta vulnerabilidad afecta a la función __libdw_thread_tail en la librería libdw_alloc.c del componente eu-readelf. La manipulación del argumento w provoca una corrupción de la memoria. El ataque puede iniciarse de forma remota. La complejidad de un ataque es bastante alta. La explotación parece ser difícil. El exploit se ha hecho público y puede utilizarse. El nombre del parche es 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. Se recomienda aplicar un parche para solucionar este problema.
References	~~() https://sourceware.org/bugzilla/attachment.cgi?id=15923 -~~	() https://sourceware.org/bugzilla/attachment.cgi?id=15923 - Broken Link
References	~~() https://sourceware.org/bugzilla/show_bug.cgi?id=32650 -~~	() https://sourceware.org/bugzilla/show_bug.cgi?id=32650 - Exploit, Issue Tracking
References	~~() https://sourceware.org/bugzilla/show_bug.cgi?id=32650#c2 -~~	() https://sourceware.org/bugzilla/show_bug.cgi?id=32650#c2 - Broken Link
References	~~() https://vuldb.com/?ctiid.295960 -~~	() https://vuldb.com/?ctiid.295960 - Permissions Required, VDB Entry
References	~~() https://vuldb.com/?id.295960 -~~	() https://vuldb.com/?id.295960 - Third Party Advisory, VDB Entry
References	~~() https://vuldb.com/?submit.495965 -~~	() https://vuldb.com/?submit.495965 - Third Party Advisory, VDB Entry
References	~~() https://www.gnu.org/ -~~	() https://www.gnu.org/ - Product

16 Feb 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-16 15:15

Updated : 2025-11-03 20:34

NVD link : CVE-2025-1352

Mitre link : CVE-2025-1352

CVE.ORG link : CVE-2025-1352

JSON object : View

Products Affected

elfutils_project

elfutils

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

5.0 /10