CNNVD-202510-2316 Information

Oct 16, 2025 cve

CNNVD ID

CNNVD-202510-2316

CVE-2025-11840

CNNVD Published: 2025-10-16

Description (Chinese)

GNU BinUtils是美国GNU社区的一组处理二进制文件的编程工具集合。 GNU Binutils（GNU Binary Utilities） 2.45版本存在缓冲区错误漏洞，该漏洞源于文件ldmisc.c中函数vfinfo存在越界读取，可能导致本地攻击。

Description (English)

GNU BinUtils is a set of programming tools for the processing of binary files in the GNU community in the United States. Version 2.45 of GNU Binutils (GNU Binary Utilities) contains an error loophole in the buffer zone, which stems from the existence of a cross-border reading function vfinfo in Idmisc.c, which may lead to local attacks.

Hazard Level

Critical

Vulnerability Type

缓冲区错误

Affected Vendor

GNU

Published

2025-10-16

Last Modified

2026-02-24

References

https://vuldb.com/?id.328775 https://vuldb.com/?submit.661281 https://sourceware.org/bugzilla/attachment.cgi?id=16351 https://vuldb.com/?ctiid.328775 https://sourceware.org/bugzilla/attachment.cgi?id=16357 https://sourceware.org/bugzilla/show_bug.cgi?id=33455 https://www.gnu.org/ https://vigilance.fr/vulnerability/GNU-Binutils-out-of-bounds-memory-reading-via-vfinfo-48916 https://access.redhat.com/security/cve/cve-2025-11840

Share on: