Bug 2357358 (CVE-2025-3198)
| Summary: | CVE-2025-3198 binutils: GNU Binutils objdump bucomm.c display_info memory leak | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | ahanwate, crizzo, dfreiber, drow, jburrell, jmitchel, jtanner, kshier, sipoyare, vkumar |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | Flags: | sipoyare: needinfo? (ahanwate) |
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: | A flaw was found in GNU Binutils. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to a memory leak. An attack has to be approached locally. | Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2357427, 2357428, 2357429, 2357430, 2357431, 2357432, 2357433, 2357434, 2357435, 2357436, 2357437, 2357438, 2357439, 2357440, 2357441, 2357442 | ||
| Bug Blocks: | |||
Description
OSIDB Bzimport
2025-04-04 02:01:16 UTC
@ahanwate this should be disputed/rejected as a CVE. The binutils security policy[1] clearly excludes such issues from the security purview. Besides, it's flimsy even on technical grounds because the leak only ever happens once[2].

[1] https://sourceware.org/git/?p=binutils-gdb.git;a=blob_plain;f=binutils/SECURITY.txt;hb=HEAD
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c2