Vulnerability Description
A vulnerability has been found in GNU Binutils 2.45. It affects the function bfd_elf_gc_record_vtentry in the file bfd/elflink.c of the Linker component. Manipulation leads to an out-of-bounds read. The attack requires local access. The exploit has been disclosed to the public and may be used. The patch identifier is 047435dd988a3975d40c6626a8f739a0b2e154bc. Deploying the patch is the recommended fix.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Binutils | 2.45 |
Related Weaknesses (CWE)
References
- https://sourceware.org/bugzilla/attachment.cgi?id=16378 (Broken Link)
- https://sourceware.org/bugzilla/show_bug.cgi?id=33452 (Exploit, Issue Tracking)
- https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8 (Exploit, Issue Tracking)
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6 (Patch)
- https://vuldb.com/?ctiid.327348 (Permissions Required, VDB Entry)
- https://vuldb.com/?id.327348 (Third Party Advisory, VDB Entry)
- https://www.gnu.org/ (Third Party Advisory, VDB Entry)
- https://cert-portal.siemens.com/productcert/html/ssa-082556.html
FAQ
What is CVE-2025-11412?
CVE-2025-11412 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read...
How severe is CVE-2025-11412?
CVE-2025-11412 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2025-11412?
Check the references section above for vendor advisories and patch information. Affected products include GNU Binutils.