5.3 CVE-2025-11082
Patch Exploit
A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".
https://nvd.nist.gov/vuln/detail/CVE-2025-11082
Categories
CWE-119
References
cna@vuldb.com Patch Exploit
| https://sourceware.org/bugzilla/attachment.cgi?id=16358 Broken Link |
| https://sourceware.org/bugzilla/show_bug.cgi?id=33464 Exploit Issue Tracking |
| https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2 Exploit Issue Tracking |
| https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a6... Patch |
| https://vuldb.com/?ctiid.326123 Permissions Required VDB Entry |
| https://vuldb.com/?id.326123 Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.661276 Third Party Advisory VDB Entry |
| https://www.gnu.org/ Product |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:a:gnu:binutils:2.45:*:*:*:*:*:*:* | ||
REMEDIATION
Patch
| Url |
|---|
| https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a6... |
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
| No known exploits |
Other Nist (github, ...)
| Url |
|---|
| https://sourceware.org/bugzilla/show_bug.cgi?id=33464 |
| https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2 |
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
