CVE-2025-8225

GNU Binutils DWARF Section dwarf.c process_debug_info memory leak

Severity Score

4.8

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.

Se encontró una vulnerabilidad en GNU Binutils 2.44 y se clasificó como problemática. Este problema afecta a la función process_debug_info del archivo binutils/dwarf.c del componente DWARF Section Handler. La manipulación provoca una fuga de memoria. Es obligatorio atacar localmente. El identificador del parche es e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. Se recomienda aplicar un parche para solucionar este problema.

Eine problematische Schwachstelle wurde in GNU Binutils 2.44 gefunden. Betroffen davon ist die Funktion process_debug_info der Datei binutils/dwarf.c der Komponente DWARF Section Handler. Dank Manipulation mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Patch wird als e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.

It was discovered that GNU binutils could be forced to perform an out- of-bounds read in certain instances. An attacker with local access to a system could possibly use this issue to cause a denial of service. It was discovered that GNU binutils incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

*Credits: arthurx

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

Low

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

None

Integrity

None

Availability

Low

None

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

Poc

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2025-07-26 CVE Reserved
2025-07-27 CVE Published
2025-08-01 CVE Updated
2025-08-01 First Exploit
2026-02-20 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-401: Missing Release of Memory after Effective Lifetime
CWE-404: Improper Resource Shutdown or Release

CAPEC

References (4)

URL	Tag	Source
https://vuldb.com/?id.317813	Technical Description
https://www.gnu.org	Product

URL	Date	SRC
https://vuldb.com/?submit.621883	2025-08-01

URL	Date	SRC
https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4	2025-07-28

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnu Search vendor "Gnu"		Binutils Search vendor "Gnu" for product "Binutils"				2.44 Search vendor "Gnu" for product "Binutils" and version "2.44"		-		Affected