CVE-2025-11840
BaseFortify
Publication date: 2025-10-16
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | binutils | 2.45 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a weakness in GNU Binutils 2.45, specifically in the function vfinfo within the file ldmisc.c. It allows an attacker to perform an out-of-bounds read through local execution, potentially leading to unintended behavior or information disclosure. The exploit is publicly available, and applying the provided patch (16357) is recommended to fix the issue.
How can this vulnerability impact me? :
The vulnerability can be exploited locally to cause an out-of-bounds read, which may lead to a denial of service or information disclosure. However, it does not affect confidentiality or integrity, only availability to some extent. The impact is limited due to the requirement of local access and low severity scores.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch identified as patch 16357 to resolve the issue. Since the vulnerability can only be exploited locally, ensure that only trusted users have local access to the system until the patch is applied.