How severe is CVE-2025-1149?

This vulnerability has a severity rating of LOW with a CVSS score of 3.1 out of 10.

What type of vulnerability is CVE-2025-1149?

This is classified as CWE-401, which is a common weakness in software security.

CVE-2025-1149

LOW Year: 2025

CVSS v3 Score

3.1

Low

CVSS v2 Score

2.6

Low

Weakness Type

CWE-401

View all →

Vulnerability Description

A vulnerability was found in GNU Binutils 2.43. It has been classified as problematic. This affects the function xstrdup of the file libiberty/xmalloc.c of the component ld. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The code maintainer explains: "I'm not going to commit some of the leak fixes I've been working on to the 2.44 branch due to concern that would destabilise ld. All of the reported leaks in this bugzilla have been fixed on binutils master."

CVE-2025-1148

LOW

CVSS:3.1(Low)

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function link_order_scan of the file ld/ldelfgen.c of the component ld. The manipulation lea...

CWE-4012025

CVE-2025-1150

LOW

CVSS:3.1(Low)

A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads...

CWE-4012025

CVE-2025-1151

LOW

CVSS:3.1(Low)

A vulnerability was found in GNU Binutils 2.43. It has been rated as problematic. This issue affects the function xmemdup of the file xmemdup.c of the component ld. The manipulation leads to memory le...

CWE-4012025

CVE-2025-47279

LOW

CVSS:3.1(Low)

Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server w...

CWE-4012025

CVE-2019-19057

LOW

CVSS:3.3(Low)

Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory con...

CWE-4012019

CVE-2019-3815

LOW

CVSS:3.3(Low)

A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_io...

CWE-4012019

CVE-2025-1149

Vulnerability Description

Related Vulnerabilities

CVE-2025-1148

CVE-2025-1150

CVE-2025-1151

CVE-2025-47279

CVE-2019-19057

CVE-2019-3815