CVE-2025-11840
EUVD-2025-3477116.10.2025, 16:15
A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. This patch is called 16357. It is best practice to apply a patch to resolve this issue.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnu | binutils | 2.45 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN\/DP MFP | V3.1.5 ≤ 𝑥 < * | ADP |
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN\/DP MFP | V3.1.5 ≤ 𝑥 < * | ADP |
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN\/DP MFP | V3.1.5 ≤ 𝑥 < * | ADP |
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN\/DP MFP | V3.1.5 ≤ 𝑥 < * | ADP |
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN\/DP MFP | V3.1.5 ≤ 𝑥 < * | ADP |
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| binutils |
|
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-125 - Out-of-bounds ReadThe software reads data past the end, or before the beginning, of the intended buffer.
References