CVE-2025-1377 : A vulnerability, which was classified as problematic, has been found in GNU elfu

A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.

Published 2025-02-17 05:15:10

Updated 2025-02-17 05:15:10

Source VulDB

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2025-1377

Please log in to view affected product information.

Exploit prediction scoring system (EPSS) score for CVE-2025-1377

EPSS FAQ

0.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 7 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2025-1377

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
1.7	LOW	AV:L/AC:L/Au:S/C:N/I:N/A:P	3.1	2.9	VulDB	2025-02-17
Access Vector: Local Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
3.3	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	1.8	1.4	VulDB	2025-02-17
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: Low
4.8	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/V...	N/A	N/A	VulDB	2025-02-17
Attack Vector: Local Attack Complexity: Low Attack Requirements: None Privileges Required: Low User Interaction: None Confidentiality (VC): None Integrity (VI): None Availability (VA): Low

CWE ids for CVE-2025-1377

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

Assigned by: cna@vuldb.com (Primary)

References for CVE-2025-1377

https://www.gnu.org/

The GNU Operating System and the Free Software Movement

CVEs referencing this url
https://vuldb.com/?submit.497539

Submit #497539: GNU elfutils/eu-strip 0.192 illegal read access
https://sourceware.org/bugzilla/show_bug.cgi?id=32673

32673 – eu-strip SEGV (illegal read access) in gelf_getsymshndx (libelf/gelf_getsymshndx.c:123)
https://vuldb.com/?ctiid.295985
https://vuldb.com/?id.295985

CVE-2025-1377 GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service (Bug 32673)
https://sourceware.org/bugzilla/attachment.cgi?id=15941
https://sourceware.org/bugzilla/show_bug.cgi?id=32673#c2

32673 – eu-strip SEGV (illegal read access) in gelf_getsymshndx (libelf/gelf_getsymshndx.c:123)

Jump to

Vulnerability Details : CVE-2025-1377

Products affected by CVE-2025-1377

Exploit prediction scoring system (EPSS) score for CVE-2025-1377

CVSS scores for CVE-2025-1377

CWE ids for CVE-2025-1377

References for CVE-2025-1377