CVE-2025-1176

CVSS 3.1 Score 5 of 10 (medium)

Details

Published Feb 11, 2025

Updated: Feb 20, 2025

CWE ID 119

CWE ID 122

Summary

CVE-2025-1176 is a critical vulnerability identified in GNU Binutils 2.43. This issue lies in the _bfd_elf_gc_mark_rsec function of elflink.c within the component ld. The flaw results in a heap-based buffer overflow, which can be exploited remotely. The complexity and difficulty of an attack are relatively high, but an exploit for this vulnerability has been made public. To mitigate this risk, it is recommended to apply the patch with the commit ID f9978defb6fab0bd8583942d97c112b0932ac814.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Gnu Binutils

Affected Vendors

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3N994T
https://www.cve.org/CVERecord?id=CVE-2025-1176
https://nvd.nist.gov/vuln/detail/CVE-2025-1176

Back to Vulnerability Database