CVE-2025-5245: Improper Restriction of Operations within the Bounds of a Memory Buffer in Binutils

Severity
4.8 MEDIUM (NVD)
GHSA: 7.9
EPSS: 0.1% (top 75.56%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 27
Latest update: Dec 1

Description

A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages (4 packages)

NVD: gnu/binutils < 2.45
Debian: gnu/binutils < 2.45-3
Ubuntu: gnu/binutils < 2.38-4ubuntu2.10+1
CVEListV5: gnu/binutils, 45 versions

🔴 Vulnerability Details (5)

OSV: binutils vulnerabilities (2025-10-29)
GHSA: Hibernate Validator may interpolate user-supplied input in a constraint violation message with Expression Language (2025-06-03)
CVEList: GNU Binutils objdump debug.c debug_type_samep memory corruption (2025-05-27)
GHSA: GHSA-h92g-mrpv-x8v2: A vulnerability classified as critical has been found in GNU Binutils up to 2 (2025-05-27)
OSV: CVE-2025-5245: A vulnerability classified as critical has been found in GNU Binutils up to 2 (2025-05-27)

📋 Vendor Advisories (6)

Ubuntu: GNU binutils vulnerabilities (2025-12-01)
Ubuntu: GNU binutils vulnerabilities (2025-10-29)
Red Hat: hibernate-validator: Hibernate Validator Expression Language Injection (2025-06-03)
Red Hat: binutils: GNU Binutils objdump debug.c debug_type_samep memory corruption (2025-05-27)
Microsoft: GNU Binutils objdump debug.c debug_type_samep memory corruption (2025-05-13)
CVE-2025-5245 — GNU Binutils vulnerability | cvebase