cbcvebase.
CVE-2025-11495
published 2025-10-08

CVE-2025-11495: A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the…

low1.9CVSS 4.0
AVLACLATNPRLUINVCNVINVALSCNSINSANEPCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.

Affected

17 ranges
VendorProductVersion rangeFixed in
debianbinutils< binutils 2.46-1 (forky)binutils 2.46-1 (forky)
gnubinutils
gnubinutils>= 0 < 2.46-12.46-1
gnubinutils>= 0 < 2.38-4ubuntu2.122.38-4ubuntu2.12
gnubinutils>= 0 < 2.42-4ubuntu2.82.42-4ubuntu2.8
gnubinutils>= 0 < 2.45-7ubuntu1.22.45-7ubuntu1.2
gnubinutils>= 0 < 2.24-5ubuntu14.2+esm82.24-5ubuntu14.2+esm8
gnubinutils>= 0 < 2.26.1-1ubuntu1~16.04.8+esm142.26.1-1ubuntu1~16.04.8+esm14
gnubinutils>= 0 < 2.30-21ubuntu1~18.04.9+esm132.30-21ubuntu1~18.04.9+esm13
gnubinutils>= 0 < 2.34-6ubuntu1.11+esm22.34-6ubuntu1.11+esm2
msrcazl3_binutils_2.41-7_on_azure_linux_3.0
msrcazl3_crash_8.0.4-4_on_azure_linux_3.0
msrccbl2_binutils_2.37-16_on_cbl_mariner_2.0
msrccbl2_binutils_2.37-17_on_cbl_mariner_2.0
msrccbl2_crash_8.0.1-4_on_cbl_mariner_2.0
msrccbl2_gdb_11.2-6_on_cbl_mariner_2.0
msrccbl2_gdb_11.2-7_on_cbl_mariner_2.0

CVSS provenance

nvdv4.01.9LOWCVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
osv4.8MEDIUM