CVE-2025-1147

Name: CVE-2025-1147

Description: A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

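| Source Package | Release | Version | Status |
|---|---|---|---|
| binutils (PTS) | bullseye | 2.35.2-2 | vulnerable |
| binutils | bookworm | 2.40-2 | vulnerable |
| binutils | trixie | 2.44-3 | vulnerable |
| binutils | forky, sid | 2.45-7 | fixed |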

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| binutils | source | (unstable) | 2.45-3 | unimportant | | |

Notes

https://sourceware.org/bugzilla/show_bug.cgi?id=32556
binutils not covered by security support
These were fixed in master, so 2.45 at the time
