Unrated severityNVD Advisory· Published Feb 10, 2025· Updated Apr 4, 2025
GNU Binutils nm nm.c internal_strlen buffer overflow
CVE-2025-1147
Description
A vulnerability has been found in GNU Binutils 2.43 and classified as problematic. Affected by this vulnerability is the function __sanitizer::internal_strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
Affected products
112- osv-coords110 versionspkg:rpm/opensuse/binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/binutils&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/bpftool&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-aarch64-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-aarch64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-arm-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-arm-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-avr-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-avr-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-bpf-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-bpf-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-epiphany-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-epiphany-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-hppa64-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-hppa64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-hppa-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-hppa-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-i386-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-i386-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-ia64-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-ia64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-loongarch64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-m68k-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-m68k-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-mips-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-mips-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-ppc64-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-ppc64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-ppc64le-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-ppc64le-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-ppc-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-ppc-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-pru-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-pru-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-riscv64-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-riscv64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-rx-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-rx-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-s390-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-s390-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-s390x-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-s390x-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-sparc64-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-sparc64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-sparc-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-sparc-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-spu-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-spu-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-x86_64-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-x86_64-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cross-xtensa-binutils&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/cross-xtensa-binutils&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/openucx&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/perf&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/binutils&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/binutils&distro=SUSE%20Manager%20Proxy%20LTS%204.3pkg:rpm/suse/binutils&distro=SUSE%20Manager%20Server%20LTS%204.3pkg:rpm/suse/bpftool&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/bpftool&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/openucx&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/openucx&distro=SUSE%20Manager%20Proxy%20LTS%204.3pkg:rpm/suse/openucx&distro=SUSE%20Manager%20Server%20LTS%204.3pkg:rpm/suse/perf&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
< 2.45-150100.7.57.1+ 109 more
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-1.2
- (no CPE)range: < 7.5.0-160000.2.3
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 1.15.0-150600.3.5.2
- (no CPE)range: < 6.4.0.git33229.a3afe13a7f-150600.3.17.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 7.5.0-160000.2.3
- (no CPE)range: < 7.5.0-160000.2.3
- (no CPE)range: < 1.9.0-150300.4.2.5
- (no CPE)range: < 1.9.0-150300.4.2.5
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 1.13.1-150500.4.2.5
- (no CPE)range: < 1.13.1-150500.4.2.5
- (no CPE)range: < 1.15.0-150600.3.5.2
- (no CPE)range: < 1.17.0-150700.4.2.7
- (no CPE)range: < 1.9.0-150300.4.2.5
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 1.13.1-150500.4.2.5
- (no CPE)range: < 1.9.0-150300.4.2.5
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 1.13.1-150500.4.2.5
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 5.3.18-150300.38.7.1
- (no CPE)range: < 5.3.18-150300.38.7.1
- (no CPE)range: < 5.14.21-150400.44.20.1
- (no CPE)range: < 5.14.21-150400.44.20.1
- (no CPE)range: < 5.14.21-150500.52.5.1
- (no CPE)range: < 5.14.21-150500.52.5.1
- (no CPE)range: < 6.4.0.git33229.a3afe13a7f-150600.3.17.1
- (no CPE)range: < 6.4.0.git54263.0aad576b1c-150700.3.2.2
- (no CPE)range: < 5.3.18-150300.38.7.1
- (no CPE)range: < 5.14.21-150400.44.20.1
- (no CPE)range: < 5.14.21-150500.52.5.1
- (no CPE)range: < 5.3.18-150300.38.7.1
- (no CPE)range: < 5.14.21-150400.44.20.1
- (no CPE)range: < 5.14.21-150500.52.5.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- sourceware.org/bugzilla/attachment.cgimitreexploit
- vuldb.commitrethird-party-advisory
- sourceware.org/bugzilla/show_bug.cgimitreissue-tracking
- vuldb.commitresignaturepermissions-required
- vuldb.commitrevdb-entrytechnical-description
- www.gnu.orgmitreproduct
News mentions
0No linked articles in our index yet.