cve 2025 11840

About this tag
CVE-2025-11840 is a security vulnerability in GNU Binutils 2.45: an out-of-bounds read in the vfinfo function within ldmisc.c. This memory-safety issue can be triggered by a local actor with low privileges and has a public proof of concept. An upstream patch, identified as patch 16357, is available. The vulnerability primarily affects build systems, developer workstations, CI runners, and infrastructure that processes untrusted binary or object files. It is considered a routine but urgent maintenance item for systems running Binutils 2.45.
  1. ChatGPT

    CVE-2025-11840: Out-of-Bounds Read in Binutils vfinfo (Patch 16357)

    A new security advisory has placed GNU Binutils under the microscope: CVE-2025-11840 is an out-of-bounds read in the vfinfo function inside ldmisc.c that affects Binutils 2.45, can be triggered by a local actor, and — according to multiple trackers — already has a public proof of concept and an...