CVE-2025-11413

Name
CVE-2025-11413
Description
A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
exploit https://sourceware.org/bugzilla/attachment.cgi?id=16362
issue-tracking https://sourceware.org/bugzilla/show_bug.cgi?id=33452
issue-tracking https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10
patch https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0
signature https://vuldb.com/?ctiid.327349
vdb-entry https://vuldb.com/?id.327349
third-party-advisory https://vuldb.com/?submit.665587
product https://www.gnu.org/

Match rules

CPE URI Source package Min version Max version
binutils == 2.45 == 2.45
binutils == 2.46 == 2.46
cpe:2.3:a:gnu:binutils:2.45:*:*:*:*:*:*:* binutils == None == 2.45

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
binutils edge-main 2.45-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable