Improper Resource Shutdown or Release Affecting elfutils package, versions <0.190-1.1ubuntu0.1


Severity

Recommended
medium

Based on Ubuntu security rating.

Threat Intelligence

EPSS
0.04% (13th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU2404-ELFUTILS-8731434
  • published18 Mar 2025
  • disclosed17 Feb 2025

Introduced: 17 Feb 2025

CVE-2025-1371  (opens in a new tab)
CWE-404  (opens in a new tab)
CWE-476  (opens in a new tab)

How to fix?

Upgrade Ubuntu:24.04 elfutils to version 0.190-1.1ubuntu0.1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream elfutils package and not the elfutils package as distributed by Ubuntu. See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

A vulnerability has been found in GNU elfutils 0.192 and classified as problematic. This vulnerability affects the function handle_dynamic_symtab of the file readelf.c of the component eu-read. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is identified as b38e562a4c907e08171c76b8b2def8464d5a104a. It is recommended to apply a patch to fix this issue.

CVSS Base Scores

version 3.1