Bug 2346061 (CVE-2025-1376) - CVE-2025-1376 elfutils: GNU elfutils eu-strip elf_strptr.c elf_strptr denial of service
Summary: CVE-2025-1376 elfutils: GNU elfutils eu-strip elf_strptr.c elf_strptr denial ...
Keywords:
Status: NEW
Alias: CVE-2025-1376
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2346135 2346136
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-02-17 05:01 UTC by OSIDB Bzimport
Modified: 2025-02-18 10:14 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-02-17 05:01:11 UTC 
A vulnerability classified as problematic was found in GNU elfutils 0.192. This vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to fix this issue.
Comment 2 Mark Wielaard 2025-02-18 10:14:05 UTC 
Note that this CVE was filed without following the upstream SECURITY policy:
https://sourceware.org/cgit/elfutils/tree/SECURITY
This is NOT a security issue according to upstream policy.
It was filed against GNU as vendor but elfutils is not a GNU package.

Upstream request that people who report suspected security vulnerabilities
report them through the contacts in the SECURITY policy and not through non-affiliated CNAs.
Note You need to log in before you can comment on or make changes to this bug.