CVE-2025-11495Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer OverflowCWE-805Buffer Access with Incorrect Length Value9 documents9 sources
Severity
4.8MEDIUMNVD
EPSS
0.0%
top 92.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Binutils
Timeline
PublishedOct 8
Latest updateDec 10

Description

A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

Debiangnu/binutils< 2.46-1
CVEListV5gnu/binutils2.45
NVDgnu/binutils2.45

Patches

Patch: sourceware.org

🔴Vulnerability Details

3
OSV
CVE-2025-11495: A vulnerability was determined in GNU Binutils 22025-10-08
GHSA
GHSA-q93h-5j3x-2h4v: A vulnerability was determined in GNU Binutils 22025-10-08
CVEList
GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow2025-10-08

📋Vendor Advisories

4
Ubuntu
GNU binutils vulnerabilities2025-12-10
Microsoft
GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow2025-10-14
Red Hat
binutils: GNU Binutils Linker heap-based overflow2025-10-08
Debian
CVE-2025-11495: binutils - A vulnerability was determined in GNU Binutils 2.45. The affected element is the...2025

💬Community

1
Bugzilla
CVE-2025-11495 binutils: GNU Binutils Linker heap-based overflow2025-10-08