CVE-2025-11494

Name
CVE-2025-11494
Description
A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
exploit https://sourceware.org/bugzilla/attachment.cgi?id=16389
issue-tracking https://sourceware.org/bugzilla/show_bug.cgi?id=33499
issue-tracking https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2
patch https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a
signature https://vuldb.com/?ctiid.327619
vdb-entry https://vuldb.com/?id.327619
third-party-advisory https://vuldb.com/?submit.668281
product https://www.gnu.org/

Match rules

CPE URI Source package Min version Max version
binutils == 2.45 == 2.45
cpe:2.3:a:gnu:binutils:2.45:*:*:*:*:*:*:* binutils == None == 2.45

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
binutils edge-main 2.45-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable