A flaw has been found in GNU Binutils 2.45. Impacted is...

Moderate severity Unreviewed Published Sep 28, 2025 to the GitHub Advisory Database • Updated Sep 28, 2025

Package

No package listed

Affected versions

Unknown

Patched versions

Unknown

Description

A flaw has been found in GNU Binutils 2.45. It affects the function _bfd_elf_parse_eh_frame in the file bfd/elf-eh-frame.c of the Linker component. Manipulation can lead to a heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The patch is identified as ea1a0737c7692737a644af0486b71e4a392cbca8, and it should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".

References

Published by the National Vulnerability Database Sep 27, 2025
Published to the GitHub Advisory Database Sep 28, 2025
Last updated Sep 28, 2025

Severity

Moderate

EPSS score

Weaknesses

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

CVE ID

CVE-2025-11082

GHSA ID

GHSA-4whc-3xqp-jprr

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.
