CVE-2025-1376

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-1376
A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.

2.5 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.0 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:H/Au:S/C:N/I:N/A:P

Exploitability : 1.5 / Impact : 2.9

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
https://sourceware.org/bugzilla/attachment.cgi?id=15940 Exploit
https://sourceware.org/bugzilla/show_bug.cgi?id=32672 Exploit Issue Tracking
https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3 Exploit Issue Tracking
https://vuldb.com/?ctiid.295984 Permissions Required VDB Entry
https://vuldb.com/?id.295984 Third Party Advisory VDB Entry
https://vuldb.com/?submit.497538 Third Party Advisory VDB Entry
https://www.gnu.org/ Product
Configurations

Configuration 1 (hide)

cpe:2.3:a:elfutils_project:elfutils:0.192:*:*:*:*:*:*:*
History

04 Nov 2025, 20:21

Type Values Removed Values Added
First Time Elfutils Project
Elfutils Project elfutils
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como problemática en GNU elfutils 0.192. Esta vulnerabilidad afecta a la función elf_strptr en la librería /libelf/elf_strptr.c del componente eu-strip. La manipulación provoca una denegación de servicio. Es posible lanzar el ataque en el host local. La complejidad de un ataque es bastante alta. La explotación parece ser difícil. El exploit ha sido revelado al público y puede utilizarse. El nombre del parche es b16f441cca0a4841050e3215a9f120a6d8aea918. Se recomienda aplicar un parche para solucionar este problema.
CPE cpe:2.3:a:elfutils_project:elfutils:0.192:*:*:*:*:*:*:*
References () https://sourceware.org/bugzilla/attachment.cgi?id=15940 - () https://sourceware.org/bugzilla/attachment.cgi?id=15940 - Exploit
References () https://sourceware.org/bugzilla/show_bug.cgi?id=32672 - () https://sourceware.org/bugzilla/show_bug.cgi?id=32672 - Exploit, Issue Tracking
References () https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3 - () https://sourceware.org/bugzilla/show_bug.cgi?id=32672#c3 - Exploit, Issue Tracking
References () https://vuldb.com/?ctiid.295984 - () https://vuldb.com/?ctiid.295984 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.295984 - () https://vuldb.com/?id.295984 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.497538 - () https://vuldb.com/?submit.497538 - Third Party Advisory, VDB Entry
References () https://www.gnu.org/ - () https://www.gnu.org/ - Product

17 Feb 2025, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-17 05:15

Updated : 2025-11-04 20:21

NVD link : CVE-2025-1376

Mitre link : CVE-2025-1376

CVE.ORG link : CVE-2025-1376

JSON object : View

Products Affected

elfutils_project

  • elfutils
CWE
CWE-404

Improper Resource Shutdown or Release