CVEFinder.io

CVE-2025-1181

🔶 medium
Description

A vulnerability classified as critical was found in GNU Binutils 2.43. This vulnerability affects the function `_bfd_elf_gc_mark_rsec` of the file `bfd/elflink.c` of the component `ld`. The manipulation leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 931494c9a89558acb36a03a340c01726545eef24. It is recommended to apply a patch to fix this issue.

CVSS Score: 5.0 (Medium)
EPSS Score: 0.4 (Exploit Probability)
Published Date: 2025-02-11
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 19.3% of all 329,456 vulnerabilities in our database.

#265,985
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment (Updated: Feb 11, 2025)

Exploitation Status: PoC (proof-of-concept available)
Automatable: No (requires human interaction)
Technical Impact: Partial (limited system impact)
Discovered By: wenjusun (VulDB User) (reporter)
SSVC data provided by CISA

Last Modified: 2025-05-21
Source: NVD
CVSS Vector 3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
CVSS Vector 4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔗 Related CVEs 6

| CVE ID | Severity | CVSS | EPSS | Summary | Published |
|---|---|---|---|---|---|
| CVE-2026-6844 | 🔶 medium | 5.5 | 0.0 | A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service ... | 2026-04-22 |
| CVE-2026-6845 | 🔶 medium | 5.0 | 0.0 | A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to c... | 2026-04-22 |
| CVE-2026-6846 | ⚠️ high | 7.8 | 0.0 | A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Ext... | 2026-04-22 |
| CVE-2026-4647 | 🔶 medium | 6.1 | 0.0 | A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files... | 2026-03-23 |
| CVE-2026-3441 | 🔶 medium | 6.1 | 0.0 | A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in t... | 2026-03-16 |
| CVE-2026-3442 | 🔶 medium | 6.1 | 0.0 | A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, ... | 2026-03-16 |

These CVEs affect the same products