CVE-2025-5244
MEDIUMGNU Binutils < 2.45 - Memory Corruption in elf_gc_sweep
Title source: llmDescription
A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry third-party-advisory
https://vuldb.com/?submit.584634
Third Party Advisory, VDB Entry vdb-entry
technical-description
https://vuldb.com/?id.310346
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/?ctiid.310346
Exploit, Issue Tracking issue-tracking
https://sourceware.org/bugzilla/show_bug.cgi?id=32858
Broken Link exploit
https://sourceware.org/bugzilla/attachment.cgi?id=16010
Patch patch
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5
Product broken-link
product
https://www.gnu.org/
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-265688.html
Scores
CVSS v3
5.3
EPSS
0.0008
EPSS Percentile
22.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-119
Status
published
Products (46)
gnu/binutils
< 2.45
GNU/Binutils
2.0
GNU/Binutils
2.1
GNU/Binutils
2.10
GNU/Binutils
2.11
GNU/Binutils
2.12
GNU/Binutils
2.13
GNU/Binutils
2.14
GNU/Binutils
2.15
GNU/Binutils
2.16
... and 36 more
Published
May 27, 2025
Tracked Since
Feb 18, 2026