CVE-2025-11083

CWE-119 — Buffer Overflow CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write11 documents9 sources

Severity

4.8MEDIUM

EPSS

0.0%

top 93.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Binutils

Timeline

PublishedSep 27

Latest updateDec 10

Description

A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages4 packages

▶Debianbinutils< 2.46-1

▶Ubuntubinutils< 2.38-4ubuntu2.10+1

▶CVEListV5gnu/binutils2.45

▶NVDgnu/binutils2.45

Patches

Patch: sourceware.org ↗

🔴Vulnerability Details

OSV

binutils vulnerabilities↗2025-10-29

▶

GHSA

GHSA-fmx9-hrmg-3x9v: A vulnerability has been found in GNU Binutils 2↗2025-09-28

▶

OSV

CVE-2025-11083: A vulnerability has been found in GNU Binutils 2↗2025-09-27

▶

CVEList

GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow↗2025-09-27

▶

📋Vendor Advisories

Ubuntu

GNU binutils vulnerabilities↗2025-12-10

▶

Ubuntu

GNU binutils vulnerabilities↗2025-10-29

▶

Red Hat

binutils: GNU Binutils Linker heap-based overflow↗2025-09-27

▶

Microsoft

GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow↗2025-09-09

▶

Debian

CVE-2025-11083: binutils - A vulnerability has been found in GNU Binutils 2.45. The affected element is the...↗2025

▶

💬Community

Bugzilla

CVE-2025-11083 binutils: GNU Binutils Linker heap-based overflow↗2025-09-28

▶