DEBIAN-CVE-2025-11840

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2025-11840

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2025-11840.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2025-11840

Upstream

CVE-2025-11840

Published

2025-10-16T16:15:37Z

Modified

2025-10-24T09:01:48.026030Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.

References

https://security-tracker.debian.org/tracker/CVE-2025-11840

Affected packages

Debian:11 / binutils

Package

Name: binutils
Purl: pkg:deb/debian/binutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.35.2-2

2.35.50.20201103-1

2.35.50.20201125-1

2.35.50.20201206-1

2.35.50.20201209-1

2.35.50.20201218-1

2.35.50.20210106-1

2.35.90.20210113-1

2.35.90.20210120-1

2.36-1

2.36-2

2.36-2+2.35.2

2.36-2+2.35.2.1

2.36+2.35.2-1

2.36.1-1

2.36.1-2

2.36.1-3

2.36.1-4

2.36.1-5

2.36.1-6

2.36.50.20210601-1

2.36.50.20210618-1

2.36.50.20210628-1

2.36.90.20210705-1

2.37-1

2.37-2

2.37-3

2.37-4

2.37-5

2.37-6

2.37-7

2.37-8

2.37-9

2.37-10

2.37-10.1

2.37.50.20211102-1

2.37.50.20211115-1

2.37.50.20211118-1

2.37.50.20211201-1

2.37.50.20220106-1

2.37.50.20220106-2

2.37.50.20220121-1

2.37.90.20220123-1

2.37.90.20220123-2

2.37.90.20220130-1

2.37.90.20220130-2

2.37.90.20220207-1

2.38-1

2.38-2

2.38-3

2.38-4

2.38.50.20220503-1

2.38.50.20220509-1

2.38.50.20220512-1

2.38.50.20220527-1

2.38.50.20220527-2

2.38.50.20220609-1

2.38.50.20220609-2

2.38.50.20220615-1

2.38.50.20220615-2

2.38.50.20220615-3

2.38.50.20220615-4

2.38.50.20220622-1

2.38.50.20220627-1

2.38.50.20220629-1

2.38.50.20220629-2

2.38.50.20220629-3

2.38.50.20220629-4

2.38.50.20220707-1

2.38.90.20220713-1

2.38.90.20220713-2

2.39-1

2.39-2

2.39-3

2.39-4

2.39-5

2.39-6

2.39-7

2.39-8

2.39.50.20221004-1

2.39.50.20221010-1

2.39.50.20221101-1

2.39.50.20221101-2

2.39.50.20221116-1

2.39.50.20221129-1

2.39.50.20221208-1

2.39.50.20221208-2

2.39.50.20221208-3

2.39.50.20221208-4

2.39.50.20221208-5

2.39.50.20221224-1

2.39.90.20221231-1

2.39.90.20230104-1

2.39.90.20230110-1

2.40-1

2.40-2

2.40.50.20230111-1

2.40.50.20230215-1

2.40.50.20230501-1

2.40.50.20230510-1

2.40.50.20230602-1

2.40.50.20230611-1

2.40.50.20230611-2

2.40.50.20230622-1

2.40.50.20230625-1

2.40.50.20230630-1

2.40.90.20230705-1

2.40.90.20230714-1

2.40.90.20230714-2

2.40.90.20230720-1

2.40.90.20230729-1

2.40.90.20230729-2

2.41-1

2.41-2

2.41-3

2.41-4

2.41-5

2.41-6

2.41-7

2.41.50.20230731-1

2.41.50.20230803-1

2.41.50.20230905-1

2.41.50.20231010-1

2.41.50.20231101-1

2.41.50.20231125-1

2.41.50.20231202-1

2.41.50.20231206-1

2.41.50.20231214-1

2.41.50.20231227-1

2.41.90.20240115-1

2.41.90.20240122-1

2.42-1

2.42-2

2.42-2+hurd.1

2.42-3

2.42-4

2.42.50.20240614-1

2.42.50.20240618-1

2.42.50.20240625-1

2.42.50.20240710-1

2.42.90.20240720-1

2.42.90.20240720-2

2.43-1

2.43-2

2.43.1-1

2.43.1-2

2.43.1-3

2.43.1-4

2.43.1-5

2.43.50.20240817-1

2.43.50.20240909-1

2.43.50.20241004-1

2.43.50.20241112-1

2.43.50.20241126-1

2.43.50.20241126-2

2.43.50.20241126-3

2.43.50.20241204-1

2.43.50.20241204-2

2.43.50.20241210-1

2.43.50.20241215-1

2.43.50.20241221-1

2.43.50.20241230-1

2.43.50.20250108-1

2.43.90.20250122-1

2.43.90.20250122-2

2.43.90.20250127-1

2.43.90.20250202-1

2.44-1

2.44-2

2.44-3

2.44.50.20250201-1

2.44.50.20250207-1

2.44.50.20250218-1

2.44.50.20250218-2

2.44.50.20250309-1

2.44.50.20250405-1

2.44.50.20250502-1

2.44.50.20250520-1

2.44.50.20250528-1

2.44.50.20250707-1

2.44.90.20250719-1

2.45-1

2.45-2

2.45-3

2.45-4

2.45-5

2.45-6

2.45-7

2.45-8

2.45.50.20250813-1

2.45.50.20250903-1

2.45.50.20251005-1

2.45.50.20251023-1

2.45.50.20251023-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / binutils

Package

Name: binutils
Purl: pkg:deb/debian/binutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.40-2

2.40.50.20230111-1

2.40.50.20230215-1

2.40.50.20230501-1

2.40.50.20230510-1

2.40.50.20230602-1

2.40.50.20230611-1

2.40.50.20230611-2

2.40.50.20230622-1

2.40.50.20230625-1

2.40.50.20230630-1

2.40.90.20230705-1

2.40.90.20230714-1

2.40.90.20230714-2

2.40.90.20230720-1

2.40.90.20230729-1

2.40.90.20230729-2

2.41-1

2.41-2

2.41-3

2.41-4

2.41-5

2.41-6

2.41-7

2.41.50.20230731-1

2.41.50.20230803-1

2.41.50.20230905-1

2.41.50.20231010-1

2.41.50.20231101-1

2.41.50.20231125-1

2.41.50.20231202-1

2.41.50.20231206-1

2.41.50.20231214-1

2.41.50.20231227-1

2.41.90.20240115-1

2.41.90.20240122-1

2.42-1

2.42-2

2.42-2+hurd.1

2.42-3

2.42-4

2.42.50.20240614-1

2.42.50.20240618-1

2.42.50.20240625-1

2.42.50.20240710-1

2.42.90.20240720-1

2.42.90.20240720-2

2.43-1

2.43-2

2.43.1-1

2.43.1-2

2.43.1-3

2.43.1-4

2.43.1-5

2.43.50.20240817-1

2.43.50.20240909-1

2.43.50.20241004-1

2.43.50.20241112-1

2.43.50.20241126-1

2.43.50.20241126-2

2.43.50.20241126-3

2.43.50.20241204-1

2.43.50.20241204-2

2.43.50.20241210-1

2.43.50.20241215-1

2.43.50.20241221-1

2.43.50.20241230-1

2.43.50.20250108-1

2.43.90.20250122-1

2.43.90.20250122-2

2.43.90.20250127-1

2.43.90.20250202-1

2.44-1

2.44-2

2.44-3

2.44.50.20250201-1

2.44.50.20250207-1

2.44.50.20250218-1

2.44.50.20250218-2

2.44.50.20250309-1

2.44.50.20250405-1

2.44.50.20250502-1

2.44.50.20250520-1

2.44.50.20250528-1

2.44.50.20250707-1

2.44.90.20250719-1

2.45-1

2.45-2

2.45-3

2.45-4

2.45-5

2.45-6

2.45-7

2.45-8

2.45.50.20250813-1

2.45.50.20250903-1

2.45.50.20251005-1

2.45.50.20251023-1

2.45.50.20251023-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / binutils

Package

Name: binutils
Purl: pkg:deb/debian/binutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.44-3

2.44.50.20250201-1

2.44.50.20250207-1

2.44.50.20250218-1

2.44.50.20250218-2

2.44.50.20250309-1

2.44.50.20250405-1

2.44.50.20250502-1

2.44.50.20250520-1

2.44.50.20250528-1

2.44.50.20250707-1

2.44.90.20250719-1

2.45-1

2.45-2

2.45-3

2.45-4

2.45-5

2.45-6

2.45-7

2.45-8

2.45.50.20250813-1

2.45.50.20250903-1

2.45.50.20251005-1

2.45.50.20251023-1

2.45.50.20251023-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14 / binutils

Package

Name: binutils
Purl: pkg:deb/debian/binutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.44-3

2.44.50.20250201-1

2.44.50.20250207-1

2.44.50.20250218-1

2.44.50.20250218-2

2.44.50.20250309-1

2.44.50.20250405-1

2.44.50.20250502-1

2.44.50.20250520-1

2.44.50.20250528-1

2.44.50.20250707-1

2.44.90.20250719-1

2.45-1

2.45-2

2.45-3

2.45-4

2.45-5

2.45-6

2.45-7

2.45-8

2.45.50.20250813-1

2.45.50.20250903-1

2.45.50.20251005-1

2.45.50.20251023-1

2.45.50.20251023-2

Ecosystem specific

{
    "urgency": "unimportant"
}