CVE-2025-0840: 
NixOS vulnerability analysis and mitigation

A stack-based buffer overflow vulnerability was discovered in GNU Binutils versions up to 2.43, specifically affecting the disassemble_bytes function in binutils/objdump.c. The vulnerability was disclosed on January 29, 2025, and was assigned identifier CVE-2025-0840. The issue occurs when manipulating the argument buf, which can lead to a stack-based buffer overflow condition (NVD, Red Hat).

The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow) and CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer). The issue has received a CVSS v3.1 base score of 5.0 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L. The vulnerability can be triggered remotely, though the attack complexity is considered high and requires user interaction (Sourceware Bug, VulDB).

The vulnerability affects confidentiality, integrity, and availability of the system, though all with low impact ratings. The stack-based buffer overflow condition could potentially allow an attacker to manipulate the program's execution flow, potentially leading to code execution or system crashes (NVD, Red Hat).

The vulnerability has been fixed in GNU Binutils version 2.44. A patch with the identifier baac6c221e9d69335bf41366a1c7d87d8ab2f893 has been released to address this issue. Users are recommended to upgrade to the latest version as the primary mitigation strategy. For systems where immediate upgrading is not possible, no alternative workarounds have been provided that meet Red Hat Product Security criteria (Sourceware Commit, Red Hat).