GNU Binutils Memory Leak Vulnerability in ld Component

Vulnerability

A memory leak vulnerability has been identified in GNU Binutils version 2.43, specifically in the xstrdup function of the ld component. The attack can be launched remotely, although it requires user interaction from the victim. The vulnerability arises because the software does not properly manage and release allocated memory, leading to increased memory consumption over time. Exploitation is considered difficult, but technical details and a public proof-of-concept exploit are available.

Impact

Exploitation of this vulnerability causes a memory leak, which can gradually deplete system resources and impact the availability of the application or service.

Remediation

Users are advised to update to a version of GNU Binutils that includes the memory leak fix. The latest version can be obtained from the official GNU Binutils release page.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.