Bug 2357358 (CVE-2025-3198) - CVE-2025-3198 binutils: GNU Binutils objdump bucomm.c display_info memory leak [NEEDINFO]
Summary: CVE-2025-3198 binutils: GNU Binutils objdump bucomm.c display_info memory leak
Keywords:
Status: NEW
Alias: CVE-2025-3198
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2357427 2357428 2357429 2357430 2357431 2357432 2357433 2357434 2357435 2357436 2357437 2357438 2357439 2357440 2357441 2357442
Blocks:
Reported: 2025-04-04 02:01 UTC by OSIDB Bzimport
Modified: 2025-04-04 09:38 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:
sipoyare: needinfo? (ahanwate)


Description OSIDB Bzimport 2025-04-04 02:01:16 UTC
A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The manipulation leads to a memory leak. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is recommended to apply a patch to fix this issue.

Comment 2 Siddhesh Poyarekar 2025-04-04 09:38:43 UTC
@ahanwate this should be disputed/rejected as a CVE. The binutils security policy[1] clearly excludes such issues from the security purview.  Besides, it's flimsy even on technical grounds because the leak only ever happens once[2].

[1] https://sourceware.org/git/?p=binutils-gdb.git;a=blob_plain;f=binutils/SECURITY.txt;hb=HEAD
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=32716#c2
