Buffer Overflow Affecting elfutils package, versions [0,]
Threat Intelligence
Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-UNMANAGED-ELFUTILS-8730889
- published17 Feb 2025
- disclosed16 Feb 2025
- creditUnknown
Introduced: 16 Feb 2025
NewCVE-2025-1365 (opens in a new tab)How to fix?
A fix was pushed into the master branch but not yet published.
Overview
Affected versions of this package are vulnerable to Buffer Overflow through the process_symtab function. An attacker can execute arbitrary code by manipulating the argument D/a to trigger a buffer overflow.
Note: The project maintainers do not consider this a vulnerability, based on the following clause in the project's security policy: "Since most elfutils tools are run in short-lived, local, interactive, development context rather than remotely 'in production', we generally treat malfunctions as ordinary bugs rather than security vulnerabilities."