CVE-2025-1352— GNU elfutils eu-readelf libdw_alloc.c __libdw_thread_tail memory corruption
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-1352
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GNU elfutils eu-readelf libdw_alloc.c __libdw_thread_tail memory corruption
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability has been found in GNU elfutils 0.192 and classified as critical. This vulnerability affects the function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf. The manipulation of the argument w leads to memory corruption. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The name of the patch is 2636426a091bd6c6f7f02e49ab20d4cdc6bfc753. It is recommended to apply a patch to fix this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Elfutils 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Elfutils是Cuviper个人开发者的一套用于读取、创建和修改ELF二进制文件的实用程序和库的集合。 Elfutils 0.192版本存在缓冲区错误漏洞,该漏洞源于libdw_alloc.c文件中的__libdw_thread_tail函数,对参数w的操纵导致内存损坏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-1352
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-1352
请登录查看更多情报信息。
- Submit #495965: GNU elfutils/eu-readelf 0.192 illegal read accessthird-party-advisory
- CVE-2025-1352 GNU elfutils eu-readelf libdw_alloc.c __libdw_thread_tail memory corruptionvdb-entrytechnical-description
- https://nvd.nist.gov/vuln/detail/CVE-2025-1352
IV. Related Vulnerabilities
Same product: elfutils
- CVE-2025-1377
GNU elfutils eu-strip strip.c gelf_getsymshndx denial of ser - CVE-2025-1376
GNU elfutils eu-strip elf_strptr.c elf_strptr denial of serv - CVE-2025-1372
GNU elfutils eu-readelf readelf.c print_string_section buffe - CVE-2025-1371
GNU elfutils eu-read readelf.c handle_dynamic_symtab null po - CVE-2025-1365
GNU elfutils eu-readelf readelf.c process_symtab buffer over
Same weakness: CWE-119
- CVE-2026-22167
GPU DDK - Cache resident PM buffers writable by other GPU re - CVE-2026-27890
Firebird has Pre-Auth DOS when Processing Out of Order CNCT_ - CVE-2026-34864
Huawei HarmonyOS 安全漏洞 - CVE-2026-4149
Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code - CVE-2026-34988
Wasmtime leaks data between pooling allocator instances
V. Comments for CVE-2025-1352
No comments yet