CVE-2025-11413
BaseFortify
Publication date: 2025-10-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | binutils | 2.45 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GNU Binutils 2.45 within the elf_link_add_object_symbols function of the bfd/elflink.c file in the Linker component. It causes an out-of-bounds read due to improper manipulation. The vulnerability requires local access to exploit and has a public exploit available. Upgrading to version 2.46 fixes the issue.
How can this vulnerability impact me? :
The vulnerability can lead to an out-of-bounds read, which may cause application crashes or potentially expose sensitive memory contents. Since the attack requires local access, the impact is limited to users or processes with local privileges. The CVSS scores indicate a low to moderate severity with no confidentiality or integrity impact but some impact on availability.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade GNU Binutils to version 2.46, which addresses the issue in the elf_link_add_object_symbols function. Since the attack requires local access, limiting local user privileges and access can also help reduce risk until the upgrade is applied.