CVE-2025-5244

Published May 27, 2025

Last updated 2 months ago

CVSS medium 4.8

Overview

Description
A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
Source
cna@vuldb.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
4.8
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
5.3
Impact score
3.4
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Severity
MEDIUM

CVSS 2.0

Type
Secondary
Base score
4.3
Impact score
6.4
Exploitability score
3.1
Vector string
AV:L/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

cna@vuldb.com
CWE-119

Social media

Hype score
Not currently trending

  1. CVE-2025-5244 Memory Corruption Vulnerability in GNU Binutils ld Component Up to 2.44 https://t.co/MfHbE9Kc5C Vulnerability Notification: https://t.co/xhLrNnfyrO

    @VulmonFeeds

    27 May 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.