Unrated severityNVD Advisory· Published Feb 11, 2025· Updated Apr 11, 2025

GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow

CVE-2025-1176

Description

A heap-based buffer overflow in GNU Binutils 2.43's ld (elflink.c) allows remote attackers to potentially cause a denial of service or execute arbitrary code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A heap-based buffer overflow in GNU Binutils 2.43's ld (elflink.c) allows remote attackers to potentially cause a denial of service or execute arbitrary code.

Vulnerability

A heap-based buffer overflow vulnerability exists in the _bfd_elf_gc_mark_rsec function in elflink.c of the ld component in GNU Binutils version 2.43. The issue arises when processing crafted ELF files, leading to a buffer overflow on the heap.

Exploitation

Exploitation requires crafting a malicious ELF file that triggers the vulnerability upon linking. The attack can be initiated remotely with high complexity, and a public exploit is available. Successful exploitation is considered difficult.

Impact

A successful exploit could result in a heap-based buffer overflow, potentially leading to denial of service or arbitrary code execution under the context of the linker.

Mitigation

The GNU Binutils project has released a patch identified by commit f9978defb6fab0bd8583942d97c112b0932ac814. Users are advised to apply the patch from the official repository [1]. No fixed version number has been announced as of publication.

References

The GNU Operating System and the Free Software Movement

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

112

GNU/Binutilsllm-fuzzy2 versions
= 2.43+ 1 more
- (no CPE)range: = 2.43
- (no CPE)range: 2.43
osv-coords110 versions
pkg:rpm/opensuse/binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/binutils&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/bpftool&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-aarch64-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-aarch64-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-arm-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-arm-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-avr-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-avr-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-bpf-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-bpf-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-epiphany-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-epiphany-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-hppa64-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-hppa64-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-hppa-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-hppa-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-i386-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-i386-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-ia64-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-ia64-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-loongarch64-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-m68k-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-m68k-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-mips-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-mips-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-ppc64-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-ppc64-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-ppc64le-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-ppc64le-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-ppc-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-ppc-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-pru-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-pru-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-riscv64-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-riscv64-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-rx-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-rx-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-s390-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-s390-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-s390x-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-s390x-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-sparc64-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-sparc64-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-sparc-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-sparc-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-spu-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-spu-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-x86_64-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-x86_64-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/cross-xtensa-binutils&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/cross-xtensa-binutils&distro=openSUSE%20Leap%2016.0 pkg:rpm/opensuse/openucx&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/perf&distro=openSUSE%20Leap%2015.6 pkg:rpm/suse/binutils&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 pkg:rpm/suse/binutils&distro=SUSE%20Linux%20Micro%206.2 pkg:rpm/suse/binutils&distro=SUSE%20Manager%20Proxy%20LTS%204.3 pkg:rpm/suse/binutils&distro=SUSE%20Manager%20Server%20LTS%204.3 pkg:rpm/suse/bpftool&distro=SUSE%20Linux%20Enterprise%20Server%2016.0 pkg:rpm/suse/bpftool&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0 pkg:rpm/suse/openucx&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/openucx&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 pkg:rpm/suse/openucx&distro=SUSE%20Manager%20Proxy%20LTS%204.3 pkg:rpm/suse/openucx&distro=SUSE%20Manager%20Server%20LTS%204.3 pkg:rpm/suse/perf&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/perf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
< 2.45-150100.7.57.1+ 109 more
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-1.2
- (no CPE)range: < 7.5.0-160000.2.3
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 1.15.0-150600.3.5.2
- (no CPE)range: < 6.4.0.git33229.a3afe13a7f-150600.3.17.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-160000.1.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 2.45-150100.7.57.1
- (no CPE)range: < 7.5.0-160000.2.3
- (no CPE)range: < 7.5.0-160000.2.3
- (no CPE)range: < 1.9.0-150300.4.2.5
- (no CPE)range: < 1.9.0-150300.4.2.5
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 1.13.1-150500.4.2.5
- (no CPE)range: < 1.13.1-150500.4.2.5
- (no CPE)range: < 1.15.0-150600.3.5.2
- (no CPE)range: < 1.17.0-150700.4.2.7
- (no CPE)range: < 1.9.0-150300.4.2.5
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 1.13.1-150500.4.2.5
- (no CPE)range: < 1.9.0-150300.4.2.5
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 1.13.1-150500.4.2.5
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 1.11.1-150400.4.2.1
- (no CPE)range: < 5.3.18-150300.38.7.1
- (no CPE)range: < 5.3.18-150300.38.7.1
- (no CPE)range: < 5.14.21-150400.44.20.1
- (no CPE)range: < 5.14.21-150400.44.20.1
- (no CPE)range: < 5.14.21-150500.52.5.1
- (no CPE)range: < 5.14.21-150500.52.5.1
- (no CPE)range: < 6.4.0.git33229.a3afe13a7f-150600.3.17.1
- (no CPE)range: < 6.4.0.git54263.0aad576b1c-150700.3.2.2
- (no CPE)range: < 5.3.18-150300.38.7.1
- (no CPE)range: < 5.14.21-150400.44.20.1
- (no CPE)range: < 5.14.21-150500.52.5.1
- (no CPE)range: < 5.3.18-150300.38.7.1
- (no CPE)range: < 5.14.21-150400.44.20.1
- (no CPE)range: < 5.14.21-150500.52.5.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sourceware.org/bugzilla/attachment.cgimitreexploit
vuldb.commitrethird-party-advisory
sourceware.org/bugzilla/show_bug.cgimitreissue-tracking
vuldb.commitresignaturepermissions-required
vuldb.commitrevdb-entrytechnical-description
www.gnu.orgmitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000