CVE-2025-1179: 
NixOS vulnerability analysis and mitigation

A critical vulnerability was discovered in GNU Binutils version 2.43, specifically affecting the bfd_putl64 function in the bfd/libbfd.c file of the ld component. The vulnerability was disclosed on February 11, 2025, and has been assigned CVE-2025-1179. The issue allows for memory corruption through remote exploitation, though the attack complexity is considered high (NVD, Red Hat).

The vulnerability exists in the bfdputl64 function within the libbfd.c file, which can be triggered when using the -w option with a specially crafted input file. The issue has received a CVSS v3.1 base score of 5.0 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L. The vulnerability is classified as CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (Red Hat, [Bugzilla](https://sourceware.org/bugzilla/showbug.cgi?id=32640)).

When exploited, the vulnerability leads to memory corruption through illegal memory access, potentially causing the linker to crash and resulting in denial of service. The attack can be launched remotely, though it requires high complexity and user interaction (NVD, Bugzilla).

The vulnerability has been fixed in GNU Binutils version 2.44. Users are recommended to upgrade to this version to address the issue. The code maintainer has confirmed that the bug was fixed between versions 2.43 and 2.44 (Bugzilla).