VDB
DEBIAN-CVE-2025-11081
DEBIAN-CVE-2025-11081
PUBLISHED
CVSS 5.5 MEDIUM
A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.
Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | binutils | 2.41-7, 2.41.50.20230731-1, 2.41.50.20230803-1 |
| Debian:14 | binutils | 2.45.90.20260125-1, 0, 2.44-3 |
| Debian:13 | binutils | 2.44.50.20250528-1, 2.45.50.20250903-1, 2.46.50.20260216-1 |
| Debian:11 | binutils | 2.44.50.20250405-1, 2.44.50.20250502-1, 2.44.50.20250520-1 |
Timeline
- Sep 27, 2025 CVE Published
- Apr 28, 2026 CVE Updated