Alpine: multiple binutils packages: security update to 2.44-r3

low Tenable Self-Hosted Container Security Plugin ID 435089

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this
issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads
to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public
and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the
affected component. (CVE-2025-5244)

- A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the
function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads
to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to
the public and may be used. It is recommended to apply a patch to fix this issue. (CVE-2025-5245)

- A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the
function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The
manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is
e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
(CVE-2025-8225)

See Also

https://security.alpinelinux.org/vuln/CVE-2025-5244

https://security.alpinelinux.org/vuln/CVE-2025-5245

https://security.alpinelinux.org/vuln/CVE-2025-8225

Plugin Details

Severity: Low

ID: 435089

Version: Revision 1.4

Type: Local

Published: 8/26/2025

Updated: 10/6/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 6.9

Percentile: 96.97

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-5245

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Low

Base Score: 1.9

Threat Score: 1.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2025-8225

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/27/2025

Reference Information

CVE: CVE-2025-5244, CVE-2025-5245, CVE-2025-8225