CVE-2025-1377: GNU elfutils eu-strip strip.c gelf_getsymshndx denial of service
First published: Mon Feb 17 2025(Updated: )
A vulnerability, which was classified as problematic, has been found in GNU elfutils 0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the component eu-strip. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is recommended to apply a patch to fix this issue.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU elfutils |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1377?
CVE-2025-1377 is classified as a problematic vulnerability that can lead to denial of service.
How does CVE-2025-1377 affect GNU elfutils?
CVE-2025-1377 affects the function gelf_getsymshndx within the strip.c file of the GNU elfutils component eu-strip.
Who is affected by CVE-2025-1377?
CVE-2025-1377 affects local users of GNU elfutils 0.192.
What is the impact of exploiting CVE-2025-1377?
Exploitation of CVE-2025-1377 can lead to a denial of service condition in the affected system.
What are the recommended actions to mitigate CVE-2025-1377?
To mitigate CVE-2025-1377, it is advised to update GNU elfutils to the latest patched version.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/author
- agent/source
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/event
- vendor/gnu
- canonical/gnu elfutils