CVE-2025-1180: 
NixOS vulnerability analysis and mitigation

A vulnerability has been identified in GNU Binutils 2.43, specifically affecting the _bfd_elf_write_section_eh_frame function in the bfd/elf-eh-frame.c file of the ld component. The vulnerability was disclosed on February 11, 2025, and is tracked as CVE-2025-1180. This security flaw can lead to memory corruption when processing specially crafted input files (NVD, Red Hat).

The vulnerability manifests as an illegal read access in the _bfd_elf_write_section_eh_frame function when using the --gc-sections and --gc-keep-exported options. The issue has been assigned a CVSS v3.1 base score of 3.1 (Low), with the following vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L. The attack complexity is considered high, requiring no privileges but user interaction, and affects only availability with low impact (Snyk, Red Hat).

The vulnerability can cause the linker (ld) to crash due to illegal memory read access, resulting in application instability and denial of service. The illegal memory access may lead to undefined behavior, potentially corrupting memory and affecting other processes running on the system (VulDB Submit).

The issue has been fixed in a recent update. As noted by Nick Clifton in the bug report, the vulnerability was resolved along with other related bug fixes. Users are recommended to apply the available patch to address this security issue (Sourceware Bugzilla).