CVE-2025-1179 - Vulnerability Details

Vendors	Products
Gnu	Binutils

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2025-1179
https://sourceware.org/bugzilla/attachment.cgi?id=15915
https://sourceware.org/bugzilla/show_bug.cgi?id=32640
https://sourceware.org/bugzilla/show_bug.cgi?id=32640#c1
https://vuldb.com/?ctiid.295082
https://vuldb.com/?id.295082
https://vuldb.com/?submit.495376
https://www.cve.org/CVERecord?id=CVE-2025-1179
https://www.gnu.org/

Type	Values Removed	Values Added
First Time appeared		Gnu Gnu binutils
CPEs		cpe:2.3:a:gnu:binutils:2.43:::::::*
Vendors & Products		Gnu Gnu binutils

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-1179 https://www.cve.org/CVERecord?id=CVE-2025-1179
Metrics	threat_severity `None`	threat_severity `Moderate`

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases".
Title		GNU Binutils ld libbfd.c bfd_putl64 memory corruption
Weaknesses		CWE-119
References		https://sourceware.org/bugzilla/attachment.cgi?id=15915 https://sourceware.org/bugzilla/show_bug.cgi?id=32640 https://sourceware.org/bugzilla/show_bug.cgi?id=32640#c1 https://vuldb.com/?ctiid.295082 https://vuldb.com/?id.295082 https://vuldb.com/?submit.495376 https://www.gnu.org/
Metrics		cvssV2_0 `{'score': 5.1, 'vector': 'AV:N/AC:H/Au:N/C:P/I:P/A:P'}` cvssV3_0 `{'score': 5, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L'}` cvssV3_1 `{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L'}` cvssV4_0 `{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1179", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-02-10T10:50:13.963Z", "datePublished": "2025-02-11T07:00:10.602Z", "dateUpdated": "2025-02-11T15:15:23.220Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-02-11T07:00:10.602Z"}, "title": "GNU Binutils ld libbfd.c bfd_putl64 memory corruption", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "GNU", "product": "Binutils", "versions": [{"version": "2.43", "status": "affected"}], "modules": ["ld"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that \"[t]his bug has been fixed at some point between the 2.43 and 2.44 releases\"."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in GNU Binutils 2.43 ausgemacht. Dies betrifft die Funktion bfd_putl64 der Datei bfd/libbfd.c der Komponente ld. Durch das Manipulieren mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 2.44 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.3, "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "LOW"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "timeline": [{"time": "2025-02-10T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-02-10T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-02-10T11:55:23.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "wenjusun (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.295082", "name": "VDB-295082 | GNU Binutils ld libbfd.c bfd_putl64 memory corruption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.295082", "name": "VDB-295082 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.495376", "name": "Submit #495376 | GNU ld 2.43 Illegal write access with -w option", "tags": ["third-party-advisory"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32640", "tags": ["issue-tracking"]}, {"url": "https://sourceware.org/bugzilla/attachment.cgi?id=15915", "tags": ["exploit"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32640#c1", "tags": ["issue-tracking", "patch"]}, {"url": "https://www.gnu.org/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-11T15:15:06.633437Z", "id": "CVE-2025-1179", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T15:15:23.220Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2025-1179 (string)

assignerOrgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

state : PUBLISHED (string)

assignerShortName : VulDB (string)

dateReserved : 2025-02-10T10:50:13.963Z (string)

datePublished : 2025-02-11T07:00:10.602Z (string)

dateUpdated : 2025-02-11T15:15:23.220Z (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

shortName : VulDB (string)

dateUpdated : 2025-02-11T07:00:10.602Z (string)

}

title : GNU Binutils ld libbfd.c bfd_putl64 memory corruption (string)

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

cweId : CWE-119 (string)

lang : en (string)

description : Memory Corruption (string)

}

]

}

]

affected : [ »

0 : { »

vendor : GNU (string)

product : Binutils (string)

versions : [ »

0 : { »

version : 2.43 (string)

status : affected (string)

}

]

modules : [ »

0 : ld (string)

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases". (string)

}

1 : { »

lang : de (string)

value : Eine kritische Schwachstelle wurde in GNU Binutils 2.43 ausgemacht. Dies betrifft die Funktion bfd_putl64 der Datei bfd/libbfd.c der Komponente ld. Durch das Manipulieren mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 2.44 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen. (string)

}

]

metrics : [ »

0 : { »

cvssV4_0 : { »

version : 4.0 (string)

baseScore : 2.3 (number)

vectorString : CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N (string)

baseSeverity : LOW (string)

}

1 : { »

cvssV3_1 : { »

version : 3.1 (string)

baseScore : 5 (number)

vectorString : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L (string)

baseSeverity : MEDIUM (string)

}

2 : { »

cvssV3_0 : { »

version : 3.0 (string)

baseScore : 5 (number)

vectorString : CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L (string)

baseSeverity : MEDIUM (string)

}

3 : { »

cvssV2_0 : { »

version : 2.0 (string)

baseScore : 5.1 (number)

vectorString : AV:N/AC:H/Au:N/C:P/I:P/A:P (string)

}

]

timeline : [ »

0 : { »

time : 2025-02-10T00:00:00.000Z (string)

lang : en (string)

value : Advisory disclosed (string)

}

1 : { »

time : 2025-02-10T01:00:00.000Z (string)

lang : en (string)

value : VulDB entry created (string)

}

2 : { »

time : 2025-02-10T11:55:23.000Z (string)

lang : en (string)

value : VulDB entry last update (string)

}

]

credits : [ »

0 : { »

lang : en (string)

value : wenjusun (VulDB User) (string)

type : reporter (string)

}

]

references : [ »

0 : { »

url : https://vuldb.com/?id.295082 (string)

name : VDB-295082 | GNU Binutils ld libbfd.c bfd_putl64 memory corruption (string)

tags : [ »

0 : vdb-entry (string)

1 : technical-description (string)

]

}

1 : { »

url : https://vuldb.com/?ctiid.295082 (string)

name : VDB-295082 | CTI Indicators (IOB, IOC, IOA) (string)

tags : [ »

0 : signature (string)

1 : permissions-required (string)

]

}

2 : { »

url : https://vuldb.com/?submit.495376 (string)

name : Submit #495376 | GNU ld 2.43 Illegal write access with -w option (string)

tags : [ »

0 : third-party-advisory (string)

]

}

3 : { »

url : https://sourceware.org/bugzilla/show_bug.cgi?id=32640 (string)

tags : [ »

0 : issue-tracking (string)

]

}

4 : { »

url : https://sourceware.org/bugzilla/attachment.cgi?id=15915 (string)

tags : [ »

0 : exploit (string)

]

}

5 : { »

url : https://sourceware.org/bugzilla/show_bug.cgi?id=32640#c1 (string)

tags : [ »

0 : issue-tracking (string)

1 : patch (string)

]

}

6 : { »

url : https://www.gnu.org/ (string)

tags : [ »

0 : product (string)

]

}

]

}

adp : [ »

0 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-02-11T15:15:06.633437Z (string)

id : CVE-2025-1179 (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-02-11T15:15:23.220Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1179", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-11T15:15:06.633437Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-11T15:14:38.760Z"}}], "cna": {"title": "GNU Binutils ld libbfd.c bfd_putl64 memory corruption", "credits": [{"lang": "en", "type": "reporter", "value": "wenjusun (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 2.3, "baseSeverity": "LOW", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "affected": [{"vendor": "GNU", "modules": ["ld"], "product": "Binutils", "versions": [{"status": "affected", "version": "2.43"}]}], "timeline": [{"lang": "en", "time": "2025-02-10T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-02-10T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-02-10T11:55:23.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.295082", "name": "VDB-295082 | GNU Binutils ld libbfd.c bfd_putl64 memory corruption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.295082", "name": "VDB-295082 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.495376", "name": "Submit #495376 | GNU ld 2.43 Illegal write access with -w option", "tags": ["third-party-advisory"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32640", "tags": ["issue-tracking"]}, {"url": "https://sourceware.org/bugzilla/attachment.cgi?id=15915", "tags": ["exploit"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32640#c1", "tags": ["issue-tracking", "patch"]}, {"url": "https://www.gnu.org/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that \"[t]his bug has been fixed at some point between the 2.43 and 2.44 releases\"."}, {"lang": "de", "value": "Eine kritische Schwachstelle wurde in GNU Binutils 2.43 ausgemacht. Dies betrifft die Funktion bfd_putl64 der Datei bfd/libbfd.c der Komponente ld. Durch das Manipulieren mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 2.44 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-02-11T07:00:10.602Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1179", "state": "PUBLISHED", "dateUpdated": "2025-02-11T15:15:23.220Z", "dateReserved": "2025-02-10T10:50:13.963Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-02-11T07:00:10.602Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2025-1179 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-02-11T15:15:06.633437Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-02-11T15:14:38.760Z (string)

}

]

cna : { »

title : GNU Binutils ld libbfd.c bfd_putl64 memory corruption (string)

credits : [ »

0 : { »

lang : en (string)

type : reporter (string)

value : wenjusun (VulDB User) (string)

}

]

metrics : [ »

0 : { »

cvssV4_0 : { »

version : 4.0 (string)

baseScore : 2.3 (number)

baseSeverity : LOW (string)

vectorString : CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N (string)

}

1 : { »

cvssV3_1 : { »

version : 3.1 (string)

baseScore : 5 (number)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L (string)

}

2 : { »

cvssV3_0 : { »

version : 3.0 (string)

baseScore : 5 (number)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L (string)

}

3 : { »

cvssV2_0 : { »

version : 2.0 (string)

baseScore : 5.1 (number)

vectorString : AV:N/AC:H/Au:N/C:P/I:P/A:P (string)

}

]

affected : [ »

0 : { »

vendor : GNU (string)

modules : [ »

0 : ld (string)

]

product : Binutils (string)

versions : [ »

0 : { »

status : affected (string)

version : 2.43 (string)

}

]

}

]

timeline : [ »

0 : { »

lang : en (string)

time : 2025-02-10T00:00:00.000Z (string)

value : Advisory disclosed (string)

}

1 : { »

lang : en (string)

time : 2025-02-10T01:00:00.000Z (string)

value : VulDB entry created (string)

}

2 : { »

lang : en (string)

time : 2025-02-10T11:55:23.000Z (string)

value : VulDB entry last update (string)

}

]

references : [ »

0 : { »

url : https://vuldb.com/?id.295082 (string)

name : VDB-295082 | GNU Binutils ld libbfd.c bfd_putl64 memory corruption (string)

tags : [ »

0 : vdb-entry (string)

1 : technical-description (string)

]

}

1 : { »

url : https://vuldb.com/?ctiid.295082 (string)

name : VDB-295082 | CTI Indicators (IOB, IOC, IOA) (string)

tags : [ »

0 : signature (string)

1 : permissions-required (string)

]

}

2 : { »

url : https://vuldb.com/?submit.495376 (string)

name : Submit #495376 | GNU ld 2.43 Illegal write access with -w option (string)

tags : [ »

0 : third-party-advisory (string)

]

}

3 : { »

url : https://sourceware.org/bugzilla/show_bug.cgi?id=32640 (string)

tags : [ »

0 : issue-tracking (string)

]

}

4 : { »

url : https://sourceware.org/bugzilla/attachment.cgi?id=15915 (string)

tags : [ »

0 : exploit (string)

]

}

5 : { »

url : https://sourceware.org/bugzilla/show_bug.cgi?id=32640#c1 (string)

tags : [ »

0 : issue-tracking (string)

1 : patch (string)

]

}

6 : { »

url : https://www.gnu.org/ (string)

tags : [ »

0 : product (string)

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases". (string)

}

1 : { »

lang : de (string)

value : Eine kritische Schwachstelle wurde in GNU Binutils 2.43 ausgemacht. Dies betrifft die Funktion bfd_putl64 der Datei bfd/libbfd.c der Komponente ld. Durch das Manipulieren mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Die Komplexität eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur öffentlichen Verfügung. Ein Aktualisieren auf die Version 2.44 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-119 (string)

description : Memory Corruption (string)

}

]

}

]

providerMetadata : { »

orgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

shortName : VulDB (string)

dateUpdated : 2025-02-11T07:00:10.602Z (string)

}

cveMetadata : { »

cveId : CVE-2025-1179 (string)

state : PUBLISHED (string)

dateUpdated : 2025-02-11T15:15:23.220Z (string)

dateReserved : 2025-02-10T10:50:13.963Z (string)

assignerOrgId : 1af790b2-7ee1-4545-860a-a788eba489b5 (string)

datePublished : 2025-02-11T07:00:10.602Z (string)

assignerShortName : VulDB (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:2.43:*:*:*:*:*:*:*", "matchCriteriaId": "41E442CC-ADC3-46D7-BC3C-AF5210AA9C04", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that \"[t]his bug has been fixed at some point between the 2.43 and 2.44 releases\"."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en GNU Binutils 2.43. Se ha calificado como cr\u00edtica. Este problema afecta a la funci\u00f3n bfd_putl64 del archivo bfd/libbfd.c del componente ld. La manipulaci\u00f3n provoca la corrupci\u00f3n de la memoria. El ataque puede ejecutarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. El exploit se ha hecho p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 2.44 puede solucionar este problema. Se recomienda actualizar el componente afectado. El c\u00f3digo fabricante explica que \"[e]ste error se ha corregido en alg\u00fan momento entre las versiones 2.43 y 2.44\"."}], "id": "CVE-2025-1179", "lastModified": "2025-03-03T16:52:20.953", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.3, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-02-11T07:15:30.230", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://sourceware.org/bugzilla/attachment.cgi?id=15915"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32640"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32640#c1"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.295082"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?id.295082"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.495376"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://www.gnu.org/"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:gnu:binutils:2.43:*:*:*:*:*:*:* (string)

matchCriteriaId : 41E442CC-ADC3-46D7-BC3C-AF5210AA9C04 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases". (string)

}

1 : { »

lang : es (string)

value : Se ha encontrado una vulnerabilidad en GNU Binutils 2.43. Se ha calificado como crítica. Este problema afecta a la función bfd_putl64 del archivo bfd/libbfd.c del componente ld. La manipulación provoca la corrupción de la memoria. El ataque puede ejecutarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotación es difícil. El exploit se ha hecho público y puede utilizarse. La actualización a la versión 2.44 puede solucionar este problema. Se recomienda actualizar el componente afectado. El código fabricante explica que "[e]ste error se ha corregido en algún momento entre las versiones 2.43 y 2.44". (string)

}

]

id : CVE-2025-1179 (string)

lastModified : 2025-03-03T16:52:20.953 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : HIGH (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 5.1 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:H/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 4.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : cna@vuldb.com (string)

type : Secondary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : LOW (string)

baseScore : 5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L (string)

version : 3.1 (string)

}

exploitabilityScore : 1.6 (number)

impactScore : 3.4 (number)

source : cna@vuldb.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.5 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 1.6 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

cvssMetricV40 : [ »

0 : { »

cvssData : { »

Automatable : NOT_DEFINED (string)

Recovery : NOT_DEFINED (string)

Safety : NOT_DEFINED (string)

attackComplexity : HIGH (string)

attackRequirements : NONE (string)

attackVector : NETWORK (string)

availabilityRequirement : NOT_DEFINED (string)

baseScore : 2.3 (number)

baseSeverity : LOW (string)

confidentialityRequirement : NOT_DEFINED (string)

exploitMaturity : NOT_DEFINED (string)

integrityRequirement : NOT_DEFINED (string)

modifiedAttackComplexity : NOT_DEFINED (string)

modifiedAttackRequirements : NOT_DEFINED (string)

modifiedAttackVector : NOT_DEFINED (string)

modifiedPrivilegesRequired : NOT_DEFINED (string)

modifiedSubAvailabilityImpact : NOT_DEFINED (string)

modifiedSubConfidentialityImpact : NOT_DEFINED (string)

modifiedSubIntegrityImpact : NOT_DEFINED (string)

modifiedUserInteraction : NOT_DEFINED (string)

modifiedVulnAvailabilityImpact : NOT_DEFINED (string)

modifiedVulnConfidentialityImpact : NOT_DEFINED (string)

modifiedVulnIntegrityImpact : NOT_DEFINED (string)

privilegesRequired : NONE (string)

providerUrgency : NOT_DEFINED (string)

subAvailabilityImpact : NONE (string)

subConfidentialityImpact : NONE (string)

subIntegrityImpact : NONE (string)

userInteraction : PASSIVE (string)

valueDensity : NOT_DEFINED (string)

vectorString : CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (string)

version : 4.0 (string)

vulnAvailabilityImpact : LOW (string)

vulnConfidentialityImpact : LOW (string)

vulnIntegrityImpact : LOW (string)

vulnerabilityResponseEffort : NOT_DEFINED (string)

}

source : cna@vuldb.com (string)

type : Secondary (string)

}

]

}

published : 2025-02-11T07:15:30.230 (string)

references : [ »

0 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Third Party Advisory (string)

]

url : https://sourceware.org/bugzilla/attachment.cgi?id=15915 (string)

}

1 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

]

url : https://sourceware.org/bugzilla/show_bug.cgi?id=32640 (string)

}

2 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

]

url : https://sourceware.org/bugzilla/show_bug.cgi?id=32640#c1 (string)

}

3 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Permissions Required (string)

1 : VDB Entry (string)

]

url : https://vuldb.com/?ctiid.295082 (string)

}

4 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Permissions Required (string)

1 : VDB Entry (string)

]

url : https://vuldb.com/?id.295082 (string)

}

5 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : https://vuldb.com/?submit.495376 (string)

}

6 : { »

source : cna@vuldb.com (string)

tags : [ »

0 : Product (string)

]

url : https://www.gnu.org/ (string)

}

]

sourceIdentifier : cna@vuldb.com (string)

vulnStatus : Analyzed (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : cna@vuldb.com (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption", "id": "2344844", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344844"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-119", "details": ["A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that \"[t]his bug has been fixed at some point between the 2.43 and 2.44 releases\".", "A flaw was found in GNU Binutils. This vulnerability allows memory corruption via manipulation of the bfd_putl64 function."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-1179", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "gdb", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gcc-toolset-13-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gcc-toolset-13-gdb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gcc-toolset-14-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gcc-toolset-14-gdb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gdb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mingw-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gcc-toolset-13-binutils", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gcc-toolset-13-gdb", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gcc-toolset-14-binutils", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "gdb", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "mingw-binutils", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-11T07:00:10Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1179\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-1179\nhttps://sourceware.org/bugzilla/attachment.cgi?id=15915\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=32640\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=32640#c1\nhttps://vuldb.com/?ctiid.295082\nhttps://vuldb.com/?id.295082\nhttps://vuldb.com/?submit.495376\nhttps://www.gnu.org/"], "threat_severity": "Moderate"}

{

bugzilla : { »

description : binutils: GNU Binutils ld libbfd.c bfd_putl64 memory corruption (string)

id : 2344844 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2344844 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 5.0 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L (string)

status : draft (string)

}

cwe : CWE-119 (string)

details : [ »

0 : A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfd_putl64 of the file bfd/libbfd.c of the component ld. The manipulation leads to memory corruption. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer explains, that "[t]his bug has been fixed at some point between the 2.43 and 2.44 releases". (string)

1 : A flaw was found in GNU Binutils. This vulnerability allows memory corruption via manipulation of the bfd_putl64 function. (string)

]

mitigation : { »

lang : en:us (string)

value : Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. (string)

}

name : CVE-2025-1179 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)