CNNVD-202510-1120 Information
CNNVD ID
CNNVD-202510-1120
Related CVE
- CNNVD Published: 2025-10-08
Description (Chinese)
GNU Binutils(GNU Binary Utilities)是美国GNU社区的开发的一组编程语言工具程序。该程序主要用于处理多种格式的目标文件,并提供有连接器、汇编器和其他用于目标文件和档案的工具。 GNU Binutils 2.45版本存在缓冲区错误漏洞,该漏洞源于_bfd_x86_elf_late_size_sections函数存在越界读取,可能导致信息泄露。
Description (English)
GNU Binutils (GNU Binary Utilities) is a programming language tool developed by the GNU community in the United States. The program is used primarily to process target documents in multiple formats and to provide links, compilers and other tools for target documents and archives. The version of GNU Binutils 2.45 contains an error loophole in the buffer zone, which stems from the existence of a cross-border reading of the function bfd x86 elf late size sections, which could lead to the disclosure of information.
Hazard Level
Critical
Vulnerability Type
缓冲区错误
Affected Vendor
GNU
Published
2025-10-08
Last Modified
2026-02-24
References
https://sourceware.org/bugzilla/attachment.cgi?id=16389 https://sourceware.org/bugzilla/show_bug.cgi?id=33499 https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a https://vuldb.com/?ctiid.327619 https://vuldb.com/?id.327619 https://vuldb.com/?submit.668281 https://www.gnu.org/
Patch
https://ftp.gnu.org/gnu/binutils/
Share on: