GNU Binutils Memory Leak Vulnerability in ld Component

Vulnerability

A memory leak vulnerability has been identified in GNU Binutils version 2.43, specifically within the ld component's link_order_scan function in ldelfgen.c. This vulnerability allows for a denial-of-service condition, as the application fails to properly manage and release memory, leading to increased memory consumption. The issue can be exploited remotely, but requires user interaction.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by leaking memory, which can lead to increased memory usage and potential exhaustion of system resources.

Reproduction

The vulnerability can be reproduced by using the ld command with the -w option to link an input file that has a section extending past the end of the file. This triggers the memory leak, which can be detected using a tool like LeakSanitizer.
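A pre-link check for the input condition described above, written as an added example (not part of the advisory or of Binutils): it parses an ELF file's section headers and reports any section whose contents would run past the end of the file. The function names and the sample object are constructed for illustration, and ELF extended section numbering is not handled.

```python
import struct

SHT_NOBITS = 8  # .bss-style sections take no space in the file, so they are skipped

def sections_past_eof(data: bytes):
    """Return [(index, sh_offset, sh_size)] for sections that run past the end of data."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = {1: False, 2: True}.get(data[4])    # EI_CLASS
    endian = {1: "<", 2: ">"}.get(data[5])     # EI_DATA
    if is64 is None or endian is None:
        raise ValueError("bad EI_CLASS or EI_DATA")
    try:
        # e_shoff, e_shentsize and e_shnum sit at class-dependent header offsets
        if is64:
            (shoff,) = struct.unpack_from(endian + "Q", data, 0x28)
            shentsize, shnum = struct.unpack_from(endian + "HH", data, 0x3A)
        else:
            (shoff,) = struct.unpack_from(endian + "I", data, 0x20)
            shentsize, shnum = struct.unpack_from(endian + "HH", data, 0x2E)
    except struct.error:
        raise ValueError("truncated ELF header") from None
    if shnum and shentsize < (64 if is64 else 40):
        raise ValueError("section header entries too small")
    if shoff + shentsize * shnum > len(data):
        raise ValueError("section header table runs past end of file")
    bad = []
    for i in range(shnum):
        base = shoff + i * shentsize
        (sh_type,) = struct.unpack_from(endian + "I", data, base + 4)
        fmt, pos = ("QQ", 0x18) if is64 else ("II", 0x10)
        off, size = struct.unpack_from(endian + fmt, data, base + pos)
        if sh_type != SHT_NOBITS and off + size > len(data):
            bad.append((i, off, size))
    return bad

def sample_object(size, sh_type=1):
    """Constructed ELF64 little-endian file: header, 16 data bytes, 2 section headers."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       1, 62, 1, 0, 0, 80, 0, 64, 0, 0, 64, 2, 0)
    shdr = struct.pack("<IIQQQQIIQQ", 0, sh_type, 0, 0, 64, size, 0, 0, 1, 0)
    return ehdr + bytes(16) + bytes(64) + shdr   # bytes(64) is the null section header

if __name__ == "__main__":
    print(sections_past_eof(sample_object(16)))       # well-formed
    print(sections_past_eof(sample_object(0x1000)))   # section 1 overruns the file
```

Running such a check on object files from untrusted sources before they reach ld lets a build pipeline reject the malformed input instead of relying on the linker to handle it.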

Remediation

Users are advised to update to a version of GNU Binutils that includes the leak fixes, which are available in the 'master' branch.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 5.8
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.