CVE-2025-1365
Published: 17 February 2025
Description
A vulnerability classified as critical was found in GNU elfutils 0.192. It affects the function process_symtab in the file readelf.c of the component eu-readelf. Manipulation of the argument D/a leads to a buffer overflow. The attack requires local access. The exploit has been disclosed to the public and may be used. The identifier of the patch is 5e5c0394d82c53e97750fe7b18023e6f84157b81. Applying the patch is recommended to fix this issue.
Security Summary
CVE-2025-1365 is a critical buffer overflow vulnerability in GNU elfutils version 0.192. It affects the process_symtab function in the file readelf.c within the eu-readelf component, triggered by manipulation of the D/a argument. The issue is associated with CWE-119 and CWE-120.
Exploitation requires local access; the CVSS v3.1 base score is 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). A low-privileged local attacker can trigger the buffer overflow, with limited impact on confidentiality, integrity, and availability. The exploit has been publicly disclosed.
A patch is available with commit identifier 5e5c0394d82c53e97750fe7b18023e6f84157b81, and applying it is recommended to fix the issue. Details, including the patch attachment, are documented in Sourceware Bugzilla bug 32654 and related entries.
Details
- CWE(s)