GNU Binutils ld xstrdup.c xstrdup memory leak
CVE-2025-1152 is a memory leak vulnerability in the GNU Binutils ld component, specifically related to the xstrdup. c xstrdup function. The vulnerability is categorized under CWE-401 (Improper Release of Memory). There is no CVSS score available and no known exploits in the wild. The affected products include Microsoft and Azure Linux versions 2. 0 and 3. 0. No patch or remediation information is provided in the available data. The vendor advisory from Microsoft Security Response Center does not include specific mitigation or patch details. The impact involves potential memory leaks which could degrade system performance or stability if exploited.
AI Analysis
Technical Summary
This vulnerability concerns a memory leak in the xstrdup function within the GNU Binutils ld tool, as identified by CVE-2025-1152. The issue is classified under CWE-401, indicating improper memory release. Affected versions include Microsoft and Azure Linux 2.0 and 3.0. No CVSS score or patch information is currently available, and no known exploits have been reported. The vendor advisory from Microsoft Security Response Center is referenced but does not provide explicit remediation or patch status. The vulnerability could lead to resource exhaustion over time due to unreleased memory allocations.
Potential Impact
The vulnerability causes a memory leak in the affected software, which may lead to degraded system performance or stability if the leak accumulates during operation. There are no known active exploits in the wild. The lack of patch information means the risk remains unmitigated unless addressed by the vendor.
Mitigation Recommendations
Patch status is not yet confirmed — check the Microsoft Security Response Center advisory for current remediation guidance. Until an official fix is released, monitor for vendor updates. No specific mitigation steps are provided in the advisory.
GNU Binutils ld xstrdup.c xstrdup memory leak
Description
CVE-2025-1152 is a memory leak vulnerability in the GNU Binutils ld component, specifically related to the xstrdup. c xstrdup function. The vulnerability is categorized under CWE-401 (Improper Release of Memory). There is no CVSS score available and no known exploits in the wild. The affected products include Microsoft and Azure Linux versions 2. 0 and 3. 0. No patch or remediation information is provided in the available data. The vendor advisory from Microsoft Security Response Center does not include specific mitigation or patch details. The impact involves potential memory leaks which could degrade system performance or stability if exploited.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability concerns a memory leak in the xstrdup function within the GNU Binutils ld tool, as identified by CVE-2025-1152. The issue is classified under CWE-401, indicating improper memory release. Affected versions include Microsoft and Azure Linux 2.0 and 3.0. No CVSS score or patch information is currently available, and no known exploits have been reported. The vendor advisory from Microsoft Security Response Center is referenced but does not provide explicit remediation or patch status. The vulnerability could lead to resource exhaustion over time due to unreleased memory allocations.
Potential Impact
The vulnerability causes a memory leak in the affected software, which may lead to degraded system performance or stability if the leak accumulates during operation. There are no known active exploits in the wild. The lack of patch information means the risk remains unmitigated unless addressed by the vendor.
Mitigation Recommendations
Patch status is not yet confirmed — check the Microsoft Security Response Center advisory for current remediation guidance. Until an official fix is released, monitor for vendor updates. No specific mitigation steps are provided in the advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_vex
- Csaf Version
- 2.0
- Publisher
- Microsoft Security Response Center
- Advisory Id
- msrc_CVE-2025-1152
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a209852e29bf47b50ebf9f8
Added to database: 6/3/2026, 9:10:42 PM
Last enriched: 6/3/2026, 9:20:45 PM
Last updated: 6/4/2026, 4:57:24 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.