A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 14 Oct 2025 15:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:gnu:binutils:2.45:*:*:*:*:*:*:*

Fri, 10 Oct 2025 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Low


Thu, 09 Oct 2025 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu binutils
Vendors & Products Gnu
Gnu binutils

Wed, 08 Oct 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 08 Oct 2025 19:45:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.
Title GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds
Weaknesses CWE-119
CWE-125
References
Metrics cvssV2_0

{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C'}

cvssV3_0

{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-10-08T19:42:18.113Z

Reserved: 2025-10-08T13:29:48.256Z

Link: CVE-2025-11494

cve-icon Vulnrichment

Updated: 2025-10-08T19:41:48.198Z

cve-icon NVD

Status : Analyzed

Published: 2025-10-08T20:15:34.770

Modified: 2025-10-14T15:27:45.803

Link: CVE-2025-11494

cve-icon Redhat

Severity : Low

Publid Date: 2025-10-08T19:32:07Z

Links: CVE-2025-11494 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2025-10-09T12:51:34Z