CVE-2025-1352 HIGH

Published: 2025-02-16 | Last Modified: 2026-06-02 | Status: Modified

Description

A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue.

Additional Descriptions (1)

Se ha encontrado una vulnerabilidad en GNU elfutils 0.192 y se ha clasificado como crítica. Esta vulnerabilidad afecta a la función __libdw_thread_tail en la librería libdw_alloc.c del componente eu-readelf. La manipulación del argumento w provoca una corrupción de la memoria. El ataque puede iniciarse de forma remota. La complejidad de un ataque es bastante alta. La explotación parece ser difícil. El exploit se ha hecho público y puede utilizarse. El nombre del parche es 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. Se recomienda aplicar un parche para solucionar este problema.

CVSS Metrics

Base Score: 7.5 (HIGH)

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector	NETWORK
Attack Complexity	HIGH
Privileges Required	NONE
User Interaction	REQUIRED
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.6

Impact Score: 5.9

Base Score: 5.1 (MEDIUM)

AV:N/AC:H/Au:N/C:P/I:P/A:P

Access Vector	NETWORK
Access Complexity	HIGH
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Secondary

Exploitability Score: 4.9

Impact Score: 6.4

Base Score: 2.3 (LOW)

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector	NETWORK
Attack Complexity	HIGH
Attack Requirements	NONE
Privileges Required	NONE
User Interaction	PASSIVE
Vulnerability Confidentiality	LOW
Vulnerability Integrity	LOW
Vulnerability Availability	LOW
Subsequent Confidentiality	NONE
Subsequent Integrity	NONE
Subsequent Availability	NONE

Source: [email protected]

Type: Secondary

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-119

Affected Products

Vendor	Product	Version	Update	Type
elfutils_project	elfutils	0.192	<built-in method update of dict object at 0x7f763a8119c0>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:elfutils_project:elfutils:0.192:::::::*`

References

https://sourceware.org/bugzilla/attachment.cgi?id=15923
Source: [email protected]

Broken Link
https://sourceware.org/bugzilla/show_bug.cgi?id=32650
Source: [email protected]

Exploit Issue Tracking
https://sourceware.org/bugzilla/show_bug.cgi?id=32650#c2
Source: [email protected]

Broken Link
https://vuldb.com/?ctiid.295960
Source: [email protected]

Permissions Required VDB Entry
https://vuldb.com/?id.295960
Source: [email protected]

Third Party Advisory VDB Entry
https://vuldb.com/?submit.495965
Source: [email protected]

Third Party Advisory VDB Entry
https://www.gnu.org/
Source: [email protected]

Product
https://cert-portal.siemens.com/productcert/html/ssa-253495.html
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e