CVE-2025-11083

Source
https://cve.org/CVERecord?id=CVE-2025-11083
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11083.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-11083
Downstream
Related
Published
2025-09-27T23:02:08.428Z
Modified
2026-07-15T01:48:53.185424941Z
Severity
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
Details

A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".

Database specific
{
    "cwe_ids": [
        "CWE-119",
        "CWE-122"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/11xxx/CVE-2025-11083.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / sourceware.org/git/binutils-gdb.git

Affected ranges

Type
GIT
Repo
https://sourceware.org/git/binutils-gdb.git
Events
Introduced
2bc7af1ff7732451b6a7b09462a815c3284f9613
Last affected
2bc7af1ff7732451b6a7b09462a815c3284f9613
Database specific
{
    "cpe": "cpe:2.3:a:gnu:binutils:2.45:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.45"
        },
        {
            "last_affected": "2.45"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_STRING"
    ]
}

Affected versions

2.*
2.45
Other
binutils-2_45

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11083.json"