CVE-2025-11494
BaseFortify
Publication date: 2025-10-08
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | binutils | 2.45 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GNU Binutils 2.45 within the function _bfd_x86_elf_late_size_sections in the file bfd/elfxx-x86.c of the Linker component. It causes an out-of-bounds read due to improper manipulation. The vulnerability requires local access to exploit and the exploit code has been made public. Applying the provided patch can remediate the issue.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a to the GNU Binutils 2.45 component to remediate the issue.
How can this vulnerability impact me?
The vulnerability can lead to an out-of-bounds read which may cause a denial of service or other impacts related to reading invalid memory. Since it requires local access, an attacker must have some level of access to the system to exploit it. The impact is limited to availability as there is no confidentiality or integrity loss indicated.