CNNVD-202509-4234 Information
CNNVD ID
CNNVD-202509-4234
Related CVE
- CNNVD Published: 2025-09-27
Description (Chinese)
GNU Binutils(GNU Binary Utilities)是美国GNU社区的开发的一组编程语言工具程序。该程序主要用于处理多种格式的目标文件,并提供有连接器、汇编器和其他用于目标文件和档案的工具。 GNU Binutils 2.45版本存在安全漏洞,该漏洞源于bfd/elf-eh-frame.c文件中_bfd_elf_parse_eh_frame函数存在堆缓冲区溢出,可能导致本地执行攻击。
Description (English)
GNU Binutils (GNU Binary Utilities) is a programming language tool developed by the GNU community in the United States. The program is used primarily to process target documents in multiple formats and to provide links, compilers and other tools for target documents and archives. There is a security loophole in version 2.45 of GNU Binutils, which stems from the spilling of the bund/elf-eh-frame.c document bfd elf parse eh frame, which could lead to a local attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
GNU
Published
2025-09-27
Last Modified
2026-02-24
References
https://vuldb.com/?id.326123 https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2 https://vuldb.com/?ctiid.326123 https://vuldb.com/?submit.661276 https://sourceware.org/bugzilla/attachment.cgi?id=16358 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8 https://www.gnu.org/ https://vigilance.fr/vulnerability/GNU-Binutils-buffer-overflow-via-bfd-elf-parse-eh-frame-48424
Patch
https://www.gnu.org/distros/free-distros.html
Share on: