Out-of-Bounds Affecting elfutils package, versions [0,]
Threat Intelligence
Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-UNMANAGED-ELFUTILS-8730888
- published17 Feb 2025
- disclosed16 Feb 2025
- creditUnknown
Introduced: 16 Feb 2025
NewCVE-2025-1352 (opens in a new tab)How to fix?
A fix was pushed into the master branch but not yet published.
Overview
Affected versions of this package are vulnerable to Out-of-Bounds due to the manipulation of the argument w in the function __libdw_thread_tail.
Note: The project maintainers do not consider this a vulnerability, based on the following clause in the project's security policy: "Since most elfutils tools are run in short-lived, local, interactive, development context rather than remotely 'in production', we generally treat malfunctions as ordinary bugs rather than security vulnerabilities."