Bug 2399948 (CVE-2025-11083) - CVE-2025-11083 binutils: GNU Binutils Linker heap-based overflow
Summary: CVE-2025-11083 binutils: GNU Binutils Linker heap-based overflow
Keywords:
Status: NEW
Alias: CVE-2025-11083
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Importance: medium medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2400261 2400263 2400265 2400268 2400274 2400276 2400278 2400280 2400289 2400293 2400295 2400302 2400304 2400309 2400314 2400319 2400321 2400325 2400330 2400338 2400341 2400347 2400357 2400362 2400364 2400257 2400270 2400283 2400299 2400312 2400317 2400333 2400336 2400344 2400349 2400354
Blocks:
Reported: 2025-09-28 00:01 UTC by OSIDB Bzimport
Modified: 2025-09-29 22:13 UTC (History)
CC List: 11 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-09-28 00:01:34 UTC
A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".

