CVE-2024-25260

NameCVE-2024-25260
Descriptionelfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
elfutils (PTS)buster0.176-1.1vulnerable
buster (security)0.176-1.1+deb10u1vulnerable
bullseye0.183-1vulnerable
bookworm0.188-2.1vulnerable
trixie0.190-1vulnerable
sid0.191-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
elfutilssource(unstable)(unfixed)unimportant

Notes

https://sourceware.org/bugzilla/show_bug.cgi?id=31058
https://sourceware.org/git/?p=elfutils.git;a=commit;h=373f5212677235fc3ca6068b887111554790f944
Crash in CLI tool, considered only to be a normal bug by upstream

Search for package or bug name: Reporting problems