5.5

CVE-2025-1377

Exploit

GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service

A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Elfutils ProjectElfutils Version0.192
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.31% 0.22
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cna@vuldb.com 4.8 0 0
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com 1.7 3.1 2.9
AV:L/AC:L/Au:S/C:N/I:N/A:P
CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://www.gnu.org/
Product
https://sourceware.org/bugzilla/attachment.cgi?id=15941
Exploit
https://sourceware.org/bugzilla/show_bug.cgi?id=32673
Exploit
Issue Tracking
https://sourceware.org/bugzilla/show_bug.cgi?id=32673#c2
Exploit
Issue Tracking
https://vuldb.com/?ctiid.295985
VDB Entry
Permissions Required
https://vuldb.com/?id.295985
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.497539
Third Party Advisory
VDB Entry