CVE-2025-1376 MEDIUM

Published: 2025-02-17 | Last Modified: 2026-06-02 | Status: Modified

Description

A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.

Additional Descriptions (1)

Se ha encontrado una vulnerabilidad clasificada como problemática en GNU elfutils 0.192. Esta vulnerabilidad afecta a la función elf_strptr en la librería /libelf/elf_strptr.c del componente eu-strip. La manipulación provoca una denegación de servicio. Es posible lanzar el ataque en el host local. La complejidad de un ataque es bastante alta. La explotación parece ser difícil. El exploit ha sido revelado al público y puede utilizarse. El nombre del parche es b16f441cca0a4841050e3215a9f120a6d8aea918. Se recomienda aplicar un parche para solucionar este problema.

CVSS Metrics

Base Score: 4.7 (MEDIUM)

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector	LOCAL
Attack Complexity	HIGH
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.0

Impact Score: 3.6

Base Score: 1.0 (LOW)

AV:L/AC:H/Au:S/C:N/I:N/A:P

Access Vector	LOCAL
Access Complexity	HIGH
Authentication	SINGLE
Confidentiality Impact	NONE
Integrity Impact	NONE
Availability Impact	PARTIAL

Source: [email protected]

Type: Secondary

Exploitability Score: 1.5

Impact Score: 2.9

Base Score: 2.0 (LOW)

CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector	LOCAL
Attack Complexity	HIGH
Attack Requirements	NONE
Privileges Required	LOW
User Interaction	NONE
Vulnerability Confidentiality	NONE
Vulnerability Integrity	NONE
Vulnerability Availability	LOW
Subsequent Confidentiality	NONE
Subsequent Integrity	NONE
Subsequent Availability	NONE

Source: [email protected]

Type: Secondary

Weaknesses

Source	Type	Description
[email protected]	Secondary	en CWE-404

Affected Products

Vendor	Product	Version	Update	Type
elfutils_project	elfutils	0.192	<built-in method update of dict object at 0x7b06ff12ad40>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:elfutils_project:elfutils:0.192:::::::*`

References

https://sourceware.org/bugzilla/attachment.cgi?id=15940
Source: [email protected]

Exploit
https://sourceware.org/bugzilla/show_bug.cgi?id=32672
Source: [email protected]

Exploit Issue Tracking
https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3
Source: [email protected]

Exploit Issue Tracking
https://vuldb.com/?ctiid.295984
Source: [email protected]

Permissions Required VDB Entry
https://vuldb.com/?id.295984
Source: [email protected]

Third Party Advisory VDB Entry
https://vuldb.com/?submit.497538
Source: [email protected]

Third Party Advisory VDB Entry
https://www.gnu.org/
Source: [email protected]

Product
https://cert-portal.siemens.com/productcert/html/ssa-253495.html
Source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e