5.3 CVE-2025-11083
Patch Exploit
A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".
https://nvd.nist.gov/vuln/detail/CVE-2025-11083
Categories
CWE-119
References
134c704f-9b21-4f2e-91b3-4a467353bcc0 Exploit
| https://sourceware.org/bugzilla/show_bug.cgi?id=33457 Exploit Issue Tracking |
| https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1 Exploit Issue Tracking |
cna@vuldb.com Patch Exploit
| https://sourceware.org/bugzilla/attachment.cgi?id=16353 Broken Link |
| https://sourceware.org/bugzilla/show_bug.cgi?id=33457 Exploit Issue Tracking |
| https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1 Exploit Issue Tracking |
| https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f9... Patch |
| https://vuldb.com/?ctiid.326124 Permissions Required VDB Entry |
| https://vuldb.com/?id.326124 Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.661277 Third Party Advisory VDB Entry |
| https://www.gnu.org/ Product |
CPE
| cpe | start | end |
|---|---|---|
| Configuration 1 | ||
| cpe:2.3:a:gnu:binutils:2.45:*:*:*:*:*:*:* | ||
REMEDIATION
Patch
| Url |
|---|
| https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f9... |
EXPLOITS
Exploit-db.com
| id | description | date | |
|---|---|---|---|
| No known exploits | |||
POC Github
| Url |
|---|
| No known exploits |
Other Nist (github, ...)
CAPEC
Common Attack Pattern Enumerations and Classifications
| id | description | severity |
|---|---|---|
| No entry | ||
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
