CVE-2025-5244
GNU Binutils ld elflink.c elf_gc_sweep memory corruption
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the affected component.
| CWE | CWE-119 |
| Vendor | gnu |
| Product | binutils |
| Published | May 27, 2025 |
| Last Updated | May 12, 2026 |
Stay Ahead of the Next One
Get instant alerts for gnu binutils
Be the first to know when new medium vulnerabilities affecting gnu binutils are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
GNU / Binutils
2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 2.11 2.12 2.13 2.14 2.15 2.16 2.17 2.18 2.19 2.20 2.21 2.22 2.23 2.24 2.25 2.26 2.27 2.28 2.29 2.30 2.31 2.32 2.33 2.34 2.35 2.36 2.37 2.38 2.39 2.40 2.41 2.42 2.43 2.44
References
vuldb.com: https://vuldb.com/?id.310346 vuldb.com: https://vuldb.com/?ctiid.310346 vuldb.com: https://vuldb.com/?submit.584634 sourceware.org: https://sourceware.org/bugzilla/show_bug.cgi?id=32858 sourceware.org: https://sourceware.org/bugzilla/attachment.cgi?id=16010 sourceware.org: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d1458933830456e54223d9fc61f0d9b3a19256f5 gnu.org: https://www.gnu.org/ cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-265688.html cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Credits
๐ lcyf-fizz (VulDB User)