GNU Binutils ldmisc.c vfinfo out-of-bounds_CVE-2025-11840

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.

Basic Information

ID CVE-2025-11840

Source VulDB

Published Oct 16, 2025 at 15:32

Affected Product

Vendor GNU

Product Binutils

Version 2.45

Affected Versions GNU Binutils 2.45

CWE Classification

CWE-125 CWE-119

References

{
    "lastseen": "",
    "description": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.",
    "published": "2025-10-16T15:32:11.651Z",
    "modified": "2025-10-16T15:32:11.651Z",
    "type": "cve",
    "title": "GNU Binutils ldmisc.c vfinfo out-of-bounds",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.328775\nhttps://vuldb.com/?ctiid.328775\nhttps://vuldb.com/?submit.661281\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=33455\nhttps://sourceware.org/bugzilla/attachment.cgi?id=16351\nhttps://sourceware.org/bugzilla/attachment.cgi?id=16357\nhttps://www.gnu.org/",
    "id": "CVE-2025-11840",
    "bulletinFamily": "",
    "cwe": [
        "CWE-125",
        "CWE-119"
    ],
    "cvelist": null,
    "sourceData": "GNU Binutils 2.45",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Binutils",
    "version": "2.45",
    "vendor": "GNU",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}