2399943 – (CVE-2025-11082) CVE-2025-11082 binutils: GNU Binutils Linker heap-based overflow

Bug 2399943 (CVE-2025-11082) - CVE-2025-11082 binutils: GNU Binutils Linker heap-based overflow

Summary: CVE-2025-11082 binutils: GNU Binutils Linker heap-based overflow

Keywords:
Status:	NEW
Alias:	CVE-2025-11082
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2400262 2400267 2400271 2400273 2400284 2400286 2400288 2400291 2400297 2400300 2400303 2400308 2400311 2400313 2400320 2400326 2400328 2400331 2400334 2400340 2400342 2400346 2400352 2400360 2400363 2400365 2400259 2400282 2400294 2400306 2400316 2400323 2400337 2400350 2400356 2400358
Blocks:
TreeView+	depends on / blocked

Reported:	2025-09-27 23:01 UTC by OSIDB Bzimport
Modified:	2025-09-29 22:13 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-09-27 23:01:15 UTC

A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".

Note You need to log in before you can comment on or make changes to this bug.