CVE-2025-11413

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-11413

Severity

5.5

Medium

CVSS V3

Description

A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.

References

https://images.chainguard.dev/security/CGA-hjvg-xf6x-q89m
https://github.com/advisories/GHSA-w337-wphv-g4vh
https://vuldb.com/?ctiid.327349
https://vuldb.com/?id.327349
https://vuldb.com/?submit.665587
https://sourceware.org/bugzilla/show_bug.cgi?id=33452
https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0
https://sourceware.org/bugzilla/attachment.cgi?id=16362
https://www.gnu.org/

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-11413

Severity

Description

References

Affected packages

Product

Solutions

Customers

Resources

Company