CVE-2025-11414
BaseFortify
Publication date: 2025-10-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | binutils | 2.45 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GNU Binutils 2.45, specifically in the function get_link_hash_entry in the file bfd/elflink.c of the Linker component. It causes an out-of-bounds read, meaning the program reads memory outside the intended boundaries of a buffer. The vulnerability can only be exploited locally. The issue has been publicly disclosed and can be exploited. Upgrading to version 2.46 fixes this vulnerability.
How can this vulnerability impact me?
An attacker with local access can trigger the out-of-bounds read, which can crash the affected application and so cause a denial of service. The vulnerability does not affect confidentiality or integrity; its impact is limited to availability. The CVSS scores accordingly indicate a low to moderate impact, with no confidentiality or integrity loss and a partial impact on availability.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade GNU Binutils to version 2.46 or later, as this version addresses the issue in the get_link_hash_entry function of bfd/elflink.c.