
CVE-2025-1365: A vulnerability, which was classified as critical, was found in GNU elfutils 0.192. This affects...

CVSS Score (v3.1): 5.3

Basic Information

EPSS Score: 0.08404%
Published: 2/17/2025
Updated: 2/17/2025
KEV Status: No
Technology: -

Technical Details

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Vulnerability Intelligence

Root Cause Analysis

The vulnerable function process_symtab in readelf.c was identified directly from the vulnerability description, which states that manipulation of the 'D/a' argument leads to a buffer overflow within this function. Because the actual commit diff (patch identifier 5e5c0394d82c53e97750fe7b18023e6f84157b81) could not be fetched, the confidence is 'medium': the analysis relies solely on the textual description rather than direct code inspection of the patch. The component is 'eu-readelf'.
