Bug 2399943 (CVE-2025-11082) - CVE-2025-11082 binutils: GNU Binutils Linker heap-based overflow
Summary: CVE-2025-11082 binutils: GNU Binutils Linker heap-based overflow
Keywords:
Status: NEW
Alias: CVE-2025-11082
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2400262 2400267 2400271 2400273 2400284 2400286 2400288 2400291 2400297 2400300 2400303 2400340 2400342 2400346 2400352 2400360 2400363 2400365 2400259 2400282 2400294 2400306 2400308 2400311 2400313 2400316 2400320 2400323 2400326 2400328 2400331 2400334 2400337 2400350 2400356 2400358
Blocks:
Reported: 2025-09-27 23:01 UTC by OSIDB Bzimport
Modified: 2025-12-18 10:05 UTC (History)
CC List: 11 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System                  ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHSA-2025:23306 0        None      None    None     2025-12-18 10:05:50 UTC
Red Hat Product Errata  RHSA-2025:23405 0        None      None    None     2025-12-18 10:03:41 UTC

Description OSIDB Bzimport 2025-09-27 23:01:15 UTC
A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to a heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".

Comment 2 errata-xmlrpc 2025-12-18 10:03:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2025:23405 https://access.redhat.com/errata/RHSA-2025:23405

Comment 3 errata-xmlrpc 2025-12-18 10:05:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:23306 https://access.redhat.com/errata/RHSA-2025:23306

