CVE-2025-0840

CVE-2025-0840

Name

CVE-2025-0840

Description

A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cna@vuldb.com	https://sourceware.org/bugzilla/attachment.cgi?id=15882
cna@vuldb.com	https://sourceware.org/bugzilla/show_bug.cgi?id=32560
cna@vuldb.com	https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=baac6c221e9d69335bf41366a1c7d87d8ab2f893
cna@vuldb.com	https://vuldb.com/?ctiid.293997
cna@vuldb.com	https://vuldb.com/?id.293997
cna@vuldb.com	https://vuldb.com/?submit.485255
cna@vuldb.com	https://www.gnu.org/

Type

URI

cna@vuldb.com

https://sourceware.org/bugzilla/attachment.cgi?id=15882

cna@vuldb.com

https://sourceware.org/bugzilla/show_bug.cgi?id=32560

cna@vuldb.com

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=baac6c221e9d69335bf41366a1c7d87d8ab2f893

cna@vuldb.com

https://vuldb.com/?ctiid.293997

cna@vuldb.com

https://vuldb.com/?id.293997

cna@vuldb.com

https://vuldb.com/?submit.485255

cna@vuldb.com

https://www.gnu.org/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:gnu:binutils::::::::`	binutils	>= None	< 2.44

CPE URI

Source package

Min version

Max version

cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*

binutils

>= None

< 2.44

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
binutils	edge-main	2.44-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
binutils	edge-main	2.43.1-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
binutils	3.22-main	2.44-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
binutils	3.21-main	2.43.1-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
binutils	3.21-main	2.43.1-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
binutils	3.21-main	2.43.1-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
binutils	3.20-main	2.42-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
binutils	3.20-main	2.42-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
binutils	3.19-main	2.41-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
binutils	3.19-main	2.41-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
binutils	3.18-main	2.40-r8	Ariadne Conill <ariadne@dereferenced.org>	fixed

Source package

Branch

Version

Maintainer

Status

binutils

edge-main

2.44-r0

Natanael Copa <ncopa@alpinelinux.org>

fixed

binutils

edge-main