CVE-2025-1147— GNU Binutils nm nm.c internal_strlen buffer overflow
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-1147
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GNU Binutils nm nm.c internal_strlen buffer overflow
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Source: NVD (National Vulnerability Database)
Vulnerability Title
GNU Binutils 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GNU Binutils(GNU Binary Utilities)是美国GNU社区的开发的一组编程语言工具程序。该程序主要用于处理多种格式的目标文件,并提供有连接器、汇编器和其他用于目标文件和档案的工具。 GNU Binutils 2.43版本存在安全漏洞,该漏洞源于nm部件的binutils/nm.c文件中的__sanitizer::internal_strlen函数包含一个缓冲区溢出问题。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-1147
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-1147
请登录查看更多情报信息。
- 32556 – nm address points to the zero pageissue-tracking
- Submit #485254: GNU binutils/nm 2.43 Buffer Overflowthird-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-1147
Same Patch Batch · GNU · 2025-02-10 · 7 CVEs total
| CVE-2025-1148 | 3.1 LOW | GNU Binutils ld ldelfgen.c link_order_scan memory leak |
| CVE-2025-1149 | 3.1 LOW | GNU Binutils ld xmalloc.c xstrdup memory leak |
| CVE-2025-1150 | 3.1 LOW | GNU Binutils ld libbfd.c bfd_malloc memory leak |
| CVE-2025-1151 | 3.1 LOW | GNU Binutils ld xmemdup.c xmemdup memory leak |
| CVE-2025-1152 | 3.1 LOW | GNU Binutils ld xstrdup.c xstrdup memory leak |
| CVE-2025-1153 | 3.1 LOW | GNU Binutils format.c bfd_set_format memory corruption |
IV. Related Vulnerabilities
Same product: Binutils
- CVE-2025-11840
GNU Binutils ldmisc.c vfinfo out-of-bounds - CVE-2025-11839
GNU Binutils prdbg.c tg_tag_type return value - CVE-2025-11495
GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_secti - CVE-2025-11494
GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_secti - CVE-2025-11414
GNU Binutils Linker elflink.c get_link_hash_entry out-of-bou
Same weakness: CWE-120
- CVE-2026-8260
D-Link DCS-935L HNAP Service hnap_service SetDeviceSettings - CVE-2026-8137
Totolink X5000R formDdns sub_458E40 buffer overflow - CVE-2026-6691
MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow - CVE-2026-7857
D-Link DI-8100 CGI user_group.asp sprintf buffer overflow - CVE-2026-7856
D-Link DI-8100 Web Management url_member.asp buffer overflow
V. Comments for CVE-2025-1147
No comments yet