CVE-2025-0840

5.0 MEDIUM

📋 TL;DR

A stack-based buffer overflow vulnerability exists in the objdump tool of GNU Binutils when it processes specially crafted input. Remote attackers could potentially execute arbitrary code or cause denial of service. Binutils versions up to and including 2.43 are affected.

💻 Affected Systems

Products:
  • GNU Binutils
Versions: All versions up to and including 2.43
Operating Systems: Linux, Unix-like systems, Windows (via Cygwin/MinGW)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where objdump or related Binutils tools process untrusted input files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise if exploitation succeeds and no mitigations are in place.

🟠 Likely Case

Application crash (denial of service), because reliable exploitation is complex and difficult.

🟢 If Mitigated

Minimal impact if modern OS protections (ASLR, stack canaries) are enabled and the system is properly hardened.

🌐 Internet-Facing: MEDIUM - Remote exploitation is possible but requires specific conditions and the complexity is high.
🏢 Internal Only: LOW - Requires local access or specific network exposure of vulnerable Binutils tools.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploit details are publicly available but reliable exploitation is considered difficult due to modern mitigations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.44

Vendor Advisory: https://sourceware.org/bugzilla/show_bug.cgi?id=32560

Restart Required: No

Instructions:

1. Download Binutils 2.44 from official GNU mirrors.
2. Compile and install following standard build procedures.
3. Replace existing Binutils installation with new version.

🔧 Temporary Workarounds

Restrict objdump usage (Linux)

Limit execution of objdump to trusted users and avoid processing untrusted files.

chmod 750 /usr/bin/objdump
setfacl -m u:trusteduser:rx /usr/bin/objdump

Enable OS security features (Linux)

Ensure ASLR, stack protection, and other memory corruption mitigations are active.

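sysctl -w kernel.randomize_va_space=2
# Hardening flags for code you compile yourself; _FORTIFY_SOURCE only takes effect with optimization (-O1 or higher)
gcc -O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2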

🧯 If You Can't Patch

  • Implement strict input validation for any application using Binutils tools
  • Isolate systems running vulnerable Binutils versions from untrusted networks

🔍 How to Verify

Check if Vulnerable:

Run 'objdump --version' and check if version is 2.43 or earlier.

Check Version:

objdump --version | head -1

Verify Fix Applied:

After upgrade, confirm version is 2.44 or later with 'objdump --version'.
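
The version check above only covers the objdump that comes first on PATH. The script below is an added example, not part of the original advisory or of Binutils: it classifies a version banner against the 2.44 fix and can apply that check to every objdump on PATH. The function names and sample banners are constructed, and it assumes any release below 2.44, point releases such as 2.43.1 included, is affected.

```shell
#!/bin/sh
# Added example: classify objdump builds against the fixed release (2.44).
FIXED_MAJOR=2
FIXED_MINOR=44

# classify_banner "<first line of objdump --version>"
# Prints VULNERABLE, FIXED, or UNKNOWN (not GNU objdump, or no version found).
classify_banner() (
    case "$1" in
        "GNU objdump"*) ;;
        *) echo UNKNOWN; exit 0 ;;  # e.g. llvm-objdump prints an LLVM banner
    esac
    # The version is the last space-separated token; keep only MAJOR.MINOR so
    # suffixes such as ".1" or "-123.el8" do not change the result.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/.*[[:space:]]\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    if [ -z "$ver" ]; then echo UNKNOWN; exit 0; fi
    major=${ver% *}
    minor=${ver#* }
    if [ "$major" -lt "$FIXED_MAJOR" ] ||
       { [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -lt "$FIXED_MINOR" ]; }; then
        echo VULNERABLE
    else
        echo FIXED
    fi
)

# scan_path: classify every objdump on PATH, including cross-toolchain copies
# (for example x86_64-linux-gnu-objdump) that a single version check misses.
scan_path() (
    IFS=:
    for dir in $PATH; do
        for bin in "$dir"/objdump "$dir"/*-objdump; do
            [ -f "$bin" ] && [ -x "$bin" ] || continue
            banner=$("$bin" --version 2>/dev/null | head -n 1)
            printf '%s\t%s\n' "$(classify_banner "$banner")" "$bin"
        done
    done
)

# Constructed sample banners (not captured from real systems).
for b in "GNU objdump (GNU Binutils) 2.43" \
         "GNU objdump version 2.30-123.el8" \
         "GNU objdump (GNU Binutils) 2.44"; do
    printf '%s\t%s\n' "$(classify_banner "$b")" "$b"
done
```

Call `scan_path` after sourcing the file to check the installed copies. Distribution packages often backport security fixes without changing the upstream version string, so confirm a VULNERABLE result on a packaged build against the distribution's advisory for CVE-2025-0840.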

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault crashes of objdump process
  • Abnormal memory access patterns in system logs

Network Indicators:

  • Unexpected network connections originating from objdump processes

SIEM Query:

process_name:"objdump" AND (event_type:"crash" OR exit_code:139)
