CVE-2025-8224
BaseFortify
Publication date: 2025-07-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | binutils | 2.44 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8224 is a vulnerability in GNU Binutils version 2.44, specifically in the BFD Library function bfd_elf_get_str_section. It occurs when the function dereferences a null pointer or attempts to write to read-only memory while processing a malformed ELF binary's string table section. This causes a crash or termination of the application, leading to a denial of service. Exploiting this requires local access, and a patch is available to fix the issue. [1, 2]
How can this vulnerability impact me? :
This vulnerability can cause denial of service by crashing applications or tools that use the BFD library to process ELF files, such as objdump. An attacker with local access can supply a crafted ELF file with a corrupted string table section to trigger the crash, disrupting availability of the affected software. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the processing of ELF files with tools that use the BFD library, such as objdump. Using AddressSanitizer to run these tools on crafted ELF files with malformed string table sections can reveal segmentation faults or crashes indicating the vulnerability. For example, running objdump on a suspicious or crafted ELF file and monitoring for crashes or segmentation faults can help detect the issue. Specific commands include: `objdump -h <file>` or other objdump commands on ELF files, ideally under AddressSanitizer instrumentation to catch invalid memory accesses. [2]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to apply the patch identified by the commit hash db856d41004301b3a56438efd957ef5cabb91530 released by GNU Binutils. Updating GNU Binutils to a version that includes this patch will fix the null pointer dereference issue. Additionally, restricting local access to trusted users can reduce the risk since the vulnerability requires local access to exploit. [1]