CVE-2025-1371 : A vulnerability has been found in GNU elfutils 0.192 and classified as problemat

A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue.

Published 2025-02-17 03:15:09

Updated 2025-02-18 20:15:24

Source VulDB

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2025-1371

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2025-1371

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 5 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2025-1371

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
1.7	LOW	AV:L/AC:L/Au:S/C:N/I:N/A:P	3.1	2.9	VulDB	2025-02-17
Access Vector: Local Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	1.8	1.4	VulDB	2025-02-17
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low
4.8	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/V...	N/A	N/A	VulDB	2025-02-17
Attack Vector: Local Attack Complexity: Low Attack Requirements: None Privileges Required: Low User Interaction: None Confidentiality (VC): None Integrity (VI): None Availability (VA): Low

CWE ids for CVE-2025-1371

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

Assigned by: cna@vuldb.com (Secondary)
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: cna@vuldb.com (Secondary)

References for CVE-2025-1371

https://vuldb.com/?ctiid.295978
https://www.gnu.org/

The GNU Operating System and the Free Software Movement

CVEs referencing this url
https://sourceware.org/bugzilla/attachment.cgi?id=15926
https://sourceware.org/bugzilla/show_bug.cgi?id=32655#c2
https://sourceware.org/bugzilla/show_bug.cgi?id=32655
https://vuldb.com/?id.295978

CVE-2025-1371 GNU elfutils eu-read readelf.c handle_dynamic_symtab null pointer dereference (Bug 32655)
https://vuldb.com/?submit.496484

Submit #496484: GNU elfutils/eu-readelf 0.192 Buffer Over-read

Jump to

Vulnerability Details : CVE-2025-1371

Products affected by CVE-2025-1371

Exploit prediction scoring system (EPSS) score for CVE-2025-1371

CVSS scores for CVE-2025-1371

CWE ids for CVE-2025-1371

References for CVE-2025-1371