CVE-2025-11081

Name
CVE-2025-11081
Description
A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
exploit https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt
issue-tracking https://sourceware.org/bugzilla/show_bug.cgi?id=33406
issue-tracking https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2
patch https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b
signature https://vuldb.com/?ctiid.326122
vdb-entry https://vuldb.com/?id.326122
third-party-advisory https://vuldb.com/?submit.661275
product https://www.gnu.org/

Match rules

CPE URI Source package Min version Max version
binutils == 2.45 == 2.45

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
binutils edge-main 2.45-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable