CVE-2024-57360

Publication date 21 January 2025

Last updated 27 February 2025

Ubuntu priority

https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: `nm --without-symbol-version` function.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
binutils	24.10 oracular	Fixed 2.43.1-4ubuntu1.1
	24.04 LTS noble	Fixed 2.42-4ubuntu2.4
	22.04 LTS jammy	Fixed 2.38-4ubuntu2.7
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation

How can I get the fixes?
What do statuses mean?

Notes

seth-arnold

binutils isn't safe for untrusted inputs.

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-7306-1
GNU binutils vulnerabilities
26 February 2025

Other references

https://www.cve.org/CVERecord?id=CVE-2024-57360
https://sourceware.org/bugzilla/show_bug.cgi?id=32467
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5f8987d3999edb26e757115fe87be55787d510b9