cnvd - cnvd-2025-09688

cnvd-2025-09688

Vulnerability from cnvd

Title: GNU Binutils内存损坏漏洞（CNVD-2025-09688）

Description:

GNU Binutils（GNU Binary Utilities）是美国GNU社区的开发的一组编程语言工具程序。

GNU Binutils存在内存损坏漏洞。该漏洞源于bfd/elflink.c中的函数_bfd_elf_gc_mark_rsec，目前没有详细的漏洞细节提供。

Severity: 中

Patch Name: GNU Binutils内存损坏漏洞（CNVD-2025-09688）的补丁

Patch Description:

GNU Binutils（GNU Binary Utilities）是美国GNU社区的开发的一组编程语言工具程序。

GNU Binutils存在内存损坏漏洞。该漏洞源于bfd/elflink.c中的函数_bfd_elf_gc_mark_rsec，目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级程序修复该安全问题，详情见厂商官网： https://www.gnu.org/software/binutils/

Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-1181

Impacted products

Name
Gnu GNU Binutils 2.43

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-1181",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-1181"
    }
  },
  "description": "GNU Binutils\uff08GNU Binary Utilities\uff09\u662f\u7f8e\u56fdGNU\u793e\u533a\u7684\u5f00\u53d1\u7684\u4e00\u7ec4\u7f16\u7a0b\u8bed\u8a00\u5de5\u5177\u7a0b\u5e8f\u3002\n\nGNU Binutils\u5b58\u5728\u5185\u5b58\u635f\u574f\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8ebfd/elflink.c\u4e2d\u7684\u51fd\u6570_bfd_elf_gc_mark_rsec\uff0c\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://www.gnu.org/software/binutils/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-09688",
  "openTime": "2025-05-14",
  "patchDescription": "GNU Binutils\uff08GNU Binary Utilities\uff09\u662f\u7f8e\u56fdGNU\u793e\u533a\u7684\u5f00\u53d1\u7684\u4e00\u7ec4\u7f16\u7a0b\u8bed\u8a00\u5de5\u5177\u7a0b\u5e8f\u3002\r\n\r\nGNU Binutils\u5b58\u5728\u5185\u5b58\u635f\u574f\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8ebfd/elflink.c\u4e2d\u7684\u51fd\u6570_bfd_elf_gc_mark_rsec\uff0c\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\r\n\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GNU Binutils\u5185\u5b58\u635f\u574f\u6f0f\u6d1e\uff08CNVD-2025-09688\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Gnu GNU Binutils 2.43"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-1181",
  "serverity": "\u4e2d",
  "submitTime": "2025-02-17",
  "title": "GNU Binutils\u5185\u5b58\u635f\u574f\u6f0f\u6d1e\uff08CNVD-2025-09688\uff09"
}

CVE-2025-1181 (GCVE-0-2025-1181)

Vulnerability from cvelistv5

Published

2025-02-11 08:00

Modified

2025-04-25 23:02

Severity ?

2.3 (Low) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
5.0 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-119 - Memory Corruption

Summary

A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.

References

▼	URL	Tags
	https://vuldb.com/?id.295084	vdb-entry, technical-description
	https://vuldb.com/?ctiid.295084	signature, permissions-required
	https://vuldb.com/?submit.495402	third-party-advisory
	https://sourceware.org/bugzilla/show_bug.cgi?id=32643	issue-tracking
	https://sourceware.org/bugzilla/attachment.cgi?id=15918	exploit
	https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24	patch
	https://www.gnu.org/	product

Impacted products

	Vendor	Product	Version
	GNU	Binutils	Version: 2.43

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-1181",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-11T14:50:50.876062Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-11T14:51:30.028Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32643"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://vuldb.com/?submit.495402"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-25T23:02:58.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250425-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "ld"
          ],
          "product": "Binutils",
          "vendor": "GNU",
          "versions": [
            {
              "status": "affected",
              "version": "2.43"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "wenjusun (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function _bfd_elf_gc_mark_rsec of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue."
        },
        {
          "lang": "de",
          "value": "In GNU Binutils 2.43 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es die Funktion _bfd_elf_gc_mark_rsec der Datei bfd/elflink.c der Komponente ld. Durch das Beeinflussen mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Das Ausnutzen gilt als schwierig. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 931494c9a89558acb36a03a340c01726545eef24 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 2.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.1,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T08:00:11.337Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-295084 | GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.295084"
        },
        {
          "name": "VDB-295084 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.295084"
        },
        {
          "name": "Submit #495402 | GNU ld 2.43 illegal read access with --gc-sections --no-print-gc-sections -w",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.495402"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32643"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://sourceware.org/bugzilla/attachment.cgi?id=15918"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=931494c9a89558acb36a03a340c01726545eef24"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.gnu.org/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-10T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-02-10T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-02-10T12:06:59.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec memory corruption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-1181",
    "datePublished": "2025-02-11T08:00:11.337Z",
    "dateReserved": "2025-02-10T11:01:33.294Z",
    "dateUpdated": "2025-04-25T23:02:58.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted