CNNVD-202509-4230 Information
CNNVD ID
CNNVD-202509-4230
Related CVE
- CNNVD Published: 2025-09-27
Description (Chinese)
GNU Binutils(GNU Binary Utilities)是美国GNU社区的开发的一组编程语言工具程序。该程序主要用于处理多种格式的目标文件,并提供有连接器、汇编器和其他用于目标文件和档案的工具。 GNU Binutils 2.45版本存在缓冲区错误漏洞,该漏洞源于文件binutils/objdump.c中函数dump_dwarf_section存在越界读取,攻击者需本地访问权限。
Description (English)
GNU Binutils (GNU Binary Utilities) is a programming language tool developed by the GNU community in the United States. The program is used primarily to process target documents in multiple formats and to provide links, compilers and other tools for target documents and archives. The version of GNU Binutils 2.45 contains a buffer zone error loophole, which stems from the existence of a cross-border reading of the binutils/objdump.c function dump dwarf section, which requires local access by the attackers.
Hazard Level
Critical
Vulnerability Type
缓冲区错误
Affected Vendor
GNU
Published
2025-09-27
Last Modified
2026-02-24
References
https://vuldb.com/?id.326122 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b https://sourceware.org/bugzilla/show_bug.cgi?id=33406 https://vuldb.com/?ctiid.326122 https://vuldb.com/?submit.661275 https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2 https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt https://www.gnu.org/ https://vigilance.fr/vulnerability/GNU-Binutils-out-of-bounds-memory-reading-via-dump-dwarf-section-49060
Patch
https://www.gnu.org/distros/free-distros.html
Share on: