37 matches found
CVE-2025-1153
GNU Binutils 2.43/2.44 contains a memory-corruption vulnerability in bfd_set_format within format.c. The issue can be triggered remotely; attack complexity is high and no privileges are required. A fix is available in Binutils 2.45, with patch identifier 8d97c1a53f3dc9fd8e1ccdb039b8a33d50133150. ...
CVE-2025-3198
CVE-2025-3198 affects GNU Binutils 2.43/2.44, specifically the display_info function in binutils/bucomm.c used by objdump. The issue is a memory leak caused by the manipulation within display_info. Exploitation is described as local, with the exploit disclosure publicly available. A patch is iden...
CVE-2025-0840
CVE-2025-0840 affects GNU Binutils up to 2.43, targeting the function disassemble_bytes in binutils/objdump.c. The vulnerability arises from manipulating the argument buf, causing a stack-based buffer overflow. A remote attacker can exploit this, with attack complexity labeled as high and exploit...
CVE-2025-5244
CVE-2025-5244 affects GNU Binutils up to 2.44. The vulnerability is in the ld component, specifically the function elf_gc_sweep in bfd/elflink.c , where input length handling leads to memory corruption. The exploit requires a local attack vector, and public disclosures indicate the exploit is ava...
CVE-2025-5245
The CVE-2025-5245 entry pertains to GNU Binutils up to version 2.44, affecting the objdump component. The flaw is in the debug_type_samep function inside /binutils/debug.c, where improper data handling leads to memory corruption. This enables a local attacker to exploit the vulnerability, and pub...
CVE-2025-1150
CVE-2025-1150 affects GNU Binutils, specifically the ld component’s libbfd.c function bfd_malloc, causing a memory leak. Public reports describe remote exploitation with high attack complexity and an initial leak in Binutils 2.43. Connected advisories confirm fixes were implemented in later binut...
CVE-2025-1149
CVE-2025-1149 affects GNU Binutils 2.43, specifically the xstrdup path in libiberty/xmalloc.c used by ld, causing a memory leak. The issue can be exploited remotely and is described as high attack complexity with the exploit publicly disclosed. Reports indicate fixes have been committed to the ma...
CVE-2025-1152
CVE-2025-1152 affects GNU Binutils 2.43, specifically the function xstrdup in xstrdup.c within the ld component, causing a memory leak. Publicly disclosed exploit details indicate the issue can be triggered remotely, with attack complexity described as high and exploitability as low to moderate d...
CVE-2025-1151
CVE-2025-1151 concerns GNU Binutils 2.43, where the memory leak originates in ld’s xmemdup.c (function xmemdup). The vulnerability can be triggered remotely and is described as high attack complexity with a disclosed exploit. Several connected advisories document a patch path: openSUSE/SUSE advis...
CVE-2025-1147
CVE-2025-1147 refers to a buffer overflow in GNU Binutils 2.43, specifically in nm.c:__sanitizer::internal_strlen. Connected advisories indicate the fix is in Binutils 2.45, with openSUSE/SUSE advisories recommending upgrading to 2.45 (and related patch content). The vulnerability is exploitable ...
CVE-2025-1176
Affected software : GNU Binutils 2.43, specifically the ld component and the function _bfd_elf_gc_mark_rsec in elflink.c. Vulnerability : heap-based buffer overflow. Impact/conditions : may be exploited remotely; attack complexity is high; privileges required: none; user interaction required. Exp...
CVE-2025-1179
GNU Binutils 2.43 contains a memory corruption vulnerability in the ld component, specifically in the bfd_putl64 function of bfd/libbfd.c. The issue can be triggered remotely and is characterized by high attack complexity and the possibility of exploitation being disclosed publicly. Upgrading to ...
CVE-2025-1180
The CVE-2025-1180 issue affects GNU Binutils 2.43, specifically the _bfd_elf_write_section_eh_frame function in bfd/elf-eh-frame.c used by ld. It causes memory corruption and can be triggered remotely; attack complexity is high, and exploitation is possible after disclosure. The available sources...
CVE-2025-1181
GNU Binutils 2.43 contains a memory corruption vulnerability in ld: the function _bfd_elf_gc_mark_rsec in bfd/elflink.c is affected, enabling a remote exploit with high attack complexity as per CVSS-derived notes. The exposure is linked to memory corruption in the ld component, and a patch is ref...
CVE-2025-1182
CVE-2025-1182 affects GNU Binutils 2.43, specifically the ld component; the memory corruption is triggered by bfd_elf_reloc_symbol_deleted_p in bfd/elflink.c. The vulnerability is remote-exploitable with high attack complexity, and public exploitation is noted. A patch is available (patch id: b42...
CVE-2025-1148
GNU Binutils 2.43 contains a memory-leak vulnerability in ld/ldelfgen.c: link_order_scan. The issue is exploitable remotely with high attack complexity; vendor notes fixes have been made on master and a 2.45 branch/updates are available (binutils 2.45), so upgrading to a newer Binutils release is...
CVE-2025-1178
CVE-2025-1178 affects GNU Binutils 2.43, specifically the ld component’s libbfd.c function bfd_putl64, where memory corruption is triggered. The issue can be exploited remotely with high attack complexity, and the exploit has been disclosed publicly. A patch identifier 75086e9de1707281172cc77f178...
CVE-2025-11840
GNU Binutils 2.45 contains a vulnerability in the vfinfo function of ldmisc.c that can cause an out‑of‑bounds read. The issue is exploitable locally, and the exploit has been publicly released. A patch is referenced as 16357 and applying it is the recommended remediation. The vulnerability is not...
CVE-2025-8224
CVE-2025-8224 affects GNU Binutils 2.44, specifically the BFD Library’s function bfd_elf_get_str_section in bfd/elf.c. The issue can cause a null pointer dereference and requires local access to exploit. Public exploit information exists. A patch is available (patch id: db856d41004301b3a56438efd9...
CVE-2025-11082
The CVE-2025-11082 entry concerns GNU Binutils 2.45. The vulnerable component is the linker function _bfd_elf_parse_eh_frame in bfd/elf-eh-frame.c, where manipulation can trigger a heap-based buffer overflow. Exploitation requires local execution, and an exploit has been published. The patch refe...
CVE-2025-11494
The CVE-2025-11494 entry corresponds to GNU Binutils 2.45. The vulnerability affects the linker component, specifically the function _bfd_x86_elf_late_size_sections in bfd/elfxx-x86.c, causing an out-of-bounds read. Exploitation requires local access, and public exploitation details exist. A patc...
CVE-2025-11081
CVE-2025-11081 pertains to GNU Binutils 2.45, specifically the dump_dwarf_section function in binutils/objdump.c. The issue allows a local attacker to trigger an out-of-bounds read, with exploit details publicly available. A patch is available (hash f87a66db645caf8cc0e6fc87b0c28c78a38af59b) and u...
CVE-2025-11083
CVE-2025-11083 affects GNU Binutils 2.45, specifically the linker component. The vulnerability is a heap-based overflow in the elf_swap_shdr function (bfd/elfcode.h) that requires local access to exploit. The advisory notes a patch was prepared and indicates fixes were made in version 2.46. Publi...
CVE-2025-11839
CVE-2025-11839 affects GNU Binutils 2.45, with the vulnerable code path in tg_tag_type inside prdbg.c. The issue results from an unchecked return value, enabling a local attacker to exploit it. Multiple connected sources corroborate a locally exploitable flaw and indicate that an exploit has been...
CVE-2025-7546
CVE-2025-7546 affects GNU Binutils 2.45. The vulnerable component is the function bfd_elf_set_group_contents in the file bfd/elf.c , where input data length/size handling can trigger a heap/out-of-bounds write . Local attacker access is required. The exploit has been disclosed publicly. A patch i...
CVE-2025-7545
GNU Binutils 2.45 contains a heap-based buffer overflow in the function copy_section (binutils/objcopy.c). The issue requires local access to exploit. Public disclosure of the exploit exists. A patch identified as 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 has been released and should be applied to...
CVE-2025-8225
The CVE-2025-8225 issue affects GNU Binutils 2.44, specifically the function process_debug_info in binutils/dwarf.c of the DWARF Section Handler. The vulnerability results in a memory leak and requires local access to exploit. A patch is identified by the commit hash e51fdff7d2e538c0e5accdd65649a...
CVE-2025-66862
CVE-2025-66862 affects GNU Binutils 2.26, with a buffer overflow in gnu_special (cplus-dem.c) that can cause a denial-of-service via a crafted PE file. The issue can trigger a heap-based buffer over-read and terminate affected processes. CVSS v3.1 base score 7.5 (HIGH). Connected advisories ident...
CVE-2025-11412
CVE-2025-11412 affects GNU Binutils 2.45, specifically the function bfd_elf_gc_record_vtentry in bfd/elflink.c of the linker. The issue enables an out-of-bounds read and requires local access. The exploit has been disclosed publicly. A patch identifier is listed: 047435dd988a3975d40c6626a8f739a0b...
CVE-2025-66863
CVE-2025-66863 describes a denial-of-service vulnerability in GNU BinUtils 2.26 caused by the d_discriminator function in cp-demangle.c when processing specially crafted Portable Executable (PE) files. The issue is triggered by crafted inputs and could render the affected application unavailable....
CVE-2025-66866
CVE-2025-66866 affects BinUtils 2.26. The issue is in the function d_abi_tags in cp-demangle.c and could allow a denial of service via a crafted PE file. NVD lists CVSSv3.1 scores (base 7.5 HIGH; AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Remediation guidance appears in Red Hat Advisory: avoid process...
CVE-2025-11413
CVE-2025-11413 : In GNU Binutils 2.45, the vulnerability affects the linker component, specifically the function elf_link_add_object_symbols in bfd/elflink.c, which may cause an out-of-bounds read. The issue requires local access to exploit, and an exploit has been made public. A fix is available...
CVE-2025-11414
GNU Binutils 2.45 contains a local vulnerability in the linker’s bfd/elflink.c get_link_hash_entry function that allows an out-of-bounds read. The issue, disclosed publicly, is mitigated by upgrading to Binutils 2.46. A patch was identified (aeaaa9af6359c8e394ce9cf24911fec4f4d23703). Affected pro...
CVE-2025-66864
CVE-2025-66864 affects Binutils 2.26, where the d_print_comp_inner function in cp-demangle.c misbehaves when processing crafted PE files, causing denial of service through a crash. The connected sources confirm the vulnerable component and the crash impact but do not provide concrete exploit deta...
CVE-2025-11495
CVE-2025-11495 affects GNU Binutils 2.45. The vulnerable element is the linker’s elf_x86_64_relocate_section function in elf64-x86-64.c, where manipulation can cause a heap-based buffer overflow. Impact is local, with publicly disclosed exploit. A patch is available (patch name: 6b21c8b2ecfef5c95...
CVE-2025-66865
CVE-2025-66865 affects GNU Binutils 2.26. A flaw in function d_print_comp_inner in cp-demangle.c can be triggered by processing specially crafted PE files, causing a crash and denial of service. Red Hat’s advisory notes mitigation as not available or not meeting criteria for their base products; ...
CVE-2025-66861
CVE-2025-66861 affects GNU BinUtils 2.26. The issue is in the function d_unqualified_name in cp-demangle.c; processing a specially crafted PE file can cause a crash leading to a denial of service . Red Hat notes that mitigation is not available or does not meet criteria. Other sources corroborate...