← voltar
CVE-2025-11414

GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds

CVSS 4.8 MEDIUMEPSS 0.2%CWE-119CWE-125
A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
GNU · Binutils

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cert-portal.siemens.com/productcert/html/ssa-082556.htmlhttps://sourceware.org/bugzilla/attachment.cgi?id=16361https://sourceware.org/bugzilla/show_bug.cgi?id=33450https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703https://vuldb.com/?ctiid.327350https://vuldb.com/?id.327350https://vuldb.com/?submit.665591https://www.gnu.org/