VDB
DEBIAN-CVE-2025-11414
DEBIAN-CVE-2025-11414
PUBLISHED
CVSS 5.5 MEDIUM
A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.
Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | binutils | 2.43.1-4, 2.45-3, 2.45-4 |
| Debian:13 | binutils | 2.44.50.20250201-1, 2.44.50.20250207-1, 2.44.50.20250218-1 |
| Debian:11 | binutils | 2.40.50.20230630-1, 2.43.50.20241112-1, 2.43.50.20241126-1 |
| Debian:14 | binutils | 2.44.90.20250719-1, 2.45-3, 2.45.50.20260116-1 |
Timeline
- Oct 7, 2025 CVE Published
- Apr 28, 2026 CVE Updated