CVEFinder.io

CVE-2025-1178

🔶 medium

Description

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. Affected by this vulnerability is the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 75086e9de1707281172cc77f178e7949a4414ed0. It is recommended to apply a patch to fix this issue.

CVSS Score: 5.6 (Medium)
EPSS Score (Exploit Probability): 0.4
Published Date: 2025-02-11
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 32.7% of all 329,456 vulnerabilities in our database.

#221,882
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment (Updated: Feb 11, 2025)

- Exploitation Status: PoC (Proof-of-concept available)
- Automatable: No (Requires human interaction)
- Technical Impact: Partial (Limited system impact)
- Discovered By: wenjusun (VulDB User) (reporter)

SSVC data provided by CISA
Last Modified: 2025-05-21
Source: NVD
CVSS Vector 3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS Vector 4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

🔗 Related CVEs 6

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2026-6844 | 🔶 medium | 5.5 | 0.0 | A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service ... | 2026-04-22 |
| CVE-2026-6845 | 🔶 medium | 5.0 | 0.0 | A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to c... | 2026-04-22 |
| CVE-2026-6846 | ⚠️ high | 7.8 | 0.0 | A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Ext... | 2026-04-22 |
| CVE-2026-4647 | 🔶 medium | 6.1 | 0.0 | A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files... | 2026-03-23 |
| CVE-2026-3441 | 🔶 medium | 6.1 | 0.0 | A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in t... | 2026-03-16 |
| CVE-2026-3442 | 🔶 medium | 6.1 | 0.0 | A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, ... | 2026-03-16 |

These CVEs affect the same products