CVE-2025-11412
BaseFortify
Publication date: 2025-10-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | binutils | 2.45 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GNU Binutils 2.45, specifically in the function bfd_elf_gc_record_vtentry within the file bfd/elflink.c of the Linker component. It allows an attacker with local access to cause an out-of-bounds read, which means the program reads memory outside the intended boundaries. This could potentially lead to unexpected behavior or crashes. A patch has been released to fix this issue.
How can this vulnerability impact me? :
The vulnerability can lead to an out-of-bounds read when exploited locally, which may cause application crashes or other unintended behavior. Since it requires local access and does not affect confidentiality or integrity, the impact is limited but could affect availability or stability of the affected software.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, it is recommended to deploy the patch identified by commit 047435dd988a3975d40c6626a8f739a0b2e154bc for GNU Binutils 2.45. Since local access is required for exploitation, restricting local access and applying the patch promptly are immediate steps to reduce risk.