CVE-2025-8225
Public on 2025-07-27
Modified on 2025-07-28
Description
A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4
NOTE: binutils not covered by security support
NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4
NOTE: binutils not covered by security support
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | binutils | No Fix Planned | ||
| Amazon Linux 2 - Core | binutils | Not Affected | ||
| Amazon Linux 2023 | binutils | Pending Fix | ||
| Amazon Linux 2 - Core | gcc10-binutils | Not Affected | ||
| Amazon Linux 2 - Core | gdb | Not Affected | ||
| Amazon Linux 2023 | gdb | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 3.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| NVD | CVSSv2 | 1.7 | AV:L/AC:L/Au:S/C:N/I:N/A:P |
| NVD | CVSSv3 | 3.3 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |