Search criteria
1157 vulnerabilities by gnu
CVE-2025-62689 (GCVE-0-2025-62689)
Vulnerability from cvelistv5 – Published: 2025-11-10 04:10 – Updated: 2025-11-14 18:01
VLAI?
Summary
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.
Severity ?
CWE
- CWE-122 - Heap-based buffer overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GNU Project | GNU libbmicrohttpd |
Affected:
v1.0.2 and earlier (The vulnerability remains in the source code up until commit ff13abc on the master branch of the libmicrohttpd Git repository
Affected: after the v1.0.2 tag.) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T18:01:50.566603Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T18:01:56.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GNU libbmicrohttpd",
"vendor": "GNU Project",
"versions": [
{
"status": "affected",
"version": "v1.0.2 and earlier (The vulnerability remains in the source code up until commit ff13abc on the master branch of the libmicrohttpd Git repository"
},
{
"status": "affected",
"version": "after the v1.0.2 tag.)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based buffer overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T04:10:57.970Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.gnu.org/software/libmicrohttpd/"
},
{
"url": "https://git.gnunet.org/libmicrohttpd.git/commit/?id=ff13abc1c1d7d2b30d69d5c0bd4a237e1801c50b"
},
{
"url": "https://jvn.jp/en/jp/JVN76719218/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-62689",
"datePublished": "2025-11-10T04:10:57.970Z",
"dateReserved": "2025-11-03T23:35:49.815Z",
"dateUpdated": "2025-11-14T18:01:56.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59777 (GCVE-0-2025-59777)
Vulnerability from cvelistv5 – Published: 2025-11-10 04:10 – Updated: 2025-11-10 21:41
VLAI?
Summary
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.
Severity ?
CWE
- CWE-476 - NULL pointer dereference
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| GNU Project | GNU libbmicrohttpd |
Affected:
v1.0.2 and earlier (The vulnerability remains in the source code up until commit ff13abc on the master branch of the libmicrohttpd Git repository
Affected: after the v1.0.2 tag.) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59777",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T21:40:57.327820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T21:41:04.217Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "GNU libbmicrohttpd",
"vendor": "GNU Project",
"versions": [
{
"status": "affected",
"version": "v1.0.2 and earlier (The vulnerability remains in the source code up until commit ff13abc on the master branch of the libmicrohttpd Git repository"
},
{
"status": "affected",
"version": "after the v1.0.2 tag.)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL pointer dereference",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T04:10:44.836Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.gnu.org/software/libmicrohttpd/"
},
{
"url": "https://git.gnunet.org/libmicrohttpd.git/commit/?id=ff13abc1c1d7d2b30d69d5c0bd4a237e1801c50b"
},
{
"url": "https://jvn.jp/en/jp/JVN76719218/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-59777",
"datePublished": "2025-11-10T04:10:44.836Z",
"dateReserved": "2025-11-03T23:35:54.488Z",
"dateUpdated": "2025-11-10T21:41:04.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11840 (GCVE-0-2025-11840)
Vulnerability from cvelistv5 – Published: 2025-10-16 15:32 – Updated: 2025-10-16 18:12
VLAI?
Summary
A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
JJLeo (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11840",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T18:11:52.296067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T18:12:26.436Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.45"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "JJLeo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue."
},
{
"lang": "de",
"value": "In GNU Binutils 2.45 ist eine Schwachstelle entdeckt worden. Davon betroffen ist die Funktion vfinfo der Datei ldmisc.c. Die Bearbeitung verursacht out-of-bounds read. Der Angriff muss lokal durchgef\u00fchrt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Name des Patches ist 16357. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T15:32:11.651Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328775 | GNU Binutils ldmisc.c vfinfo out-of-bounds",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328775"
},
{
"name": "VDB-328775 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328775"
},
{
"name": "Submit #661281 | GNU Binutils 2.45 Out-of-Bounds Read",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.661281"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33455"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16351"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16357"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-10-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-16T10:41:23.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils ldmisc.c vfinfo out-of-bounds"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11840",
"datePublished": "2025-10-16T15:32:11.651Z",
"dateReserved": "2025-10-16T08:36:17.235Z",
"dateUpdated": "2025-10-16T18:12:26.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11839 (GCVE-0-2025-11839)
Vulnerability from cvelistv5 – Published: 2025-10-16 14:02 – Updated: 2025-10-16 14:15
VLAI?
Summary
A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Credits
JJLeo (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11839",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T14:14:58.421856Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:15:03.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33448"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.45"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "JJLeo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited."
},
{
"lang": "de",
"value": "In GNU Binutils 2.45 wurde eine Schwachstelle gefunden. Hierbei betrifft es die Funktion tg_tag_type der Datei prdbg.c. Die Ver\u00e4nderung resultiert in unchecked return value. Der Angriff muss lokal angegangen werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-253",
"description": "Incorrect Check of Function Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:02:13.689Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-328774 | GNU Binutils prdbg.c tg_tag_type return value",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.328774"
},
{
"name": "VDB-328774 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.328774"
},
{
"name": "Submit #661279 | GNU Binutils 2.45 Unexpected Status Code or Return Value",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.661279"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33448"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16344"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-10-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-16T10:36:58.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils prdbg.c tg_tag_type return value"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11839",
"datePublished": "2025-10-16T14:02:13.689Z",
"dateReserved": "2025-10-16T08:31:52.156Z",
"dateUpdated": "2025-10-16T14:15:03.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11495 (GCVE-0-2025-11495)
Vulnerability from cvelistv5 – Published: 2025-10-08 20:02 – Updated: 2025-10-08 20:25
VLAI?
Summary
A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Credits
Yifan Zhang (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11495",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T20:25:11.875090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T20:25:19.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Linker"
],
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.45"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yifan Zhang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Patch name: 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. To fix this issue, it is recommended to deploy a patch."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in GNU Binutils 2.45 gefunden. Dies betrifft die Funktion elf_x86_64_relocate_section der Datei elf64-x86-64.c der Komponente Linker. Mittels Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Name des Patches ist 6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T20:02:07.807Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327620 | GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.327620"
},
{
"name": "VDB-327620 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327620"
},
{
"name": "Submit #668290 | GNU Binutils 2.45 Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.668290"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33502"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33502#c3"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16393"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6b21c8b2ecfef5c95142cbc2c32f185cb1c26ab0"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-10-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-08T15:35:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11495",
"datePublished": "2025-10-08T20:02:07.807Z",
"dateReserved": "2025-10-08T13:29:56.368Z",
"dateUpdated": "2025-10-08T20:25:19.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11494 (GCVE-0-2025-11494)
Vulnerability from cvelistv5 – Published: 2025-10-08 19:32 – Updated: 2025-10-08 19:42
VLAI?
Summary
A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Credits
Yifan Zhang (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11494",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T19:41:15.792133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T19:42:18.113Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Linker"
],
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.45"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yifan Zhang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is identified as b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. A patch should be applied to remediate this issue."
},
{
"lang": "de",
"value": "In GNU Binutils 2.45 ist eine Schwachstelle entdeckt worden. Das betrifft die Funktion _bfd_x86_elf_late_size_sections der Datei bfd/elfxx-x86.c der Komponente Linker. Mittels dem Manipulieren mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden. Die Bezeichnung des Patches lautet b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a. Es ist ratsam, einen Patch zu implementieren, um dieses Problem zu beheben."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T19:32:07.225Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327619 | GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.327619"
},
{
"name": "VDB-327619 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327619"
},
{
"name": "Submit #668281 | GNU Binutils 2.45 Out-of-Bounds Read",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.668281"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33499"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33499#c2"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16389"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b6ac5a8a5b82f0ae6a4642c8d7149b325f4cc60a"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-10-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-08T15:35:01.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11494",
"datePublished": "2025-10-08T19:32:07.225Z",
"dateReserved": "2025-10-08T13:29:48.256Z",
"dateUpdated": "2025-10-08T19:42:18.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11414 (GCVE-0-2025-11414)
Vulnerability from cvelistv5 – Published: 2025-10-07 22:32 – Updated: 2025-10-08 17:34
VLAI?
Summary
A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Credits
Yifan Zhang (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11414",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T13:45:45.537039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T17:34:42.195Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33450"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Linker"
],
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.45"
},
{
"status": "unaffected",
"version": "2.46"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yifan Zhang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in GNU Binutils 2.45. Affected by this vulnerability is the function get_link_hash_entry of the file bfd/elflink.c of the component Linker. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.46 addresses this issue. Patch name: aeaaa9af6359c8e394ce9cf24911fec4f4d23703. It is advisable to upgrade the affected component."
},
{
"lang": "de",
"value": "In GNU Binutils 2.45 wurde eine Schwachstelle gefunden. Dies betrifft die Funktion get_link_hash_entry der Datei bfd/elflink.c der Komponente Linker. Mit der Manipulation mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Das Problem kann durch ein Upgrade auf Version 2.46 adressiert werden. Der Name des Patches ist aeaaa9af6359c8e394ce9cf24911fec4f4d23703. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T22:32:07.740Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327350 | GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.327350"
},
{
"name": "VDB-327350 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327350"
},
{
"name": "Submit #665591 | GNU Binutils 2.45 Out-of-Bounds Read",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.665591"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33450"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16361"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aeaaa9af6359c8e394ce9cf24911fec4f4d23703"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-10-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-07T12:45:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11414",
"datePublished": "2025-10-07T22:32:07.740Z",
"dateReserved": "2025-10-07T10:40:48.563Z",
"dateUpdated": "2025-10-08T17:34:42.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11413 (GCVE-0-2025-11413)
Vulnerability from cvelistv5 – Published: 2025-10-07 22:02 – Updated: 2025-10-08 17:34
VLAI?
Summary
A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Credits
Yifan Zhang (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11413",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T14:38:58.101222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T17:34:48.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Linker"
],
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.45"
},
{
"status": "unaffected",
"version": "2.46"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yifan Zhang (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in GNU Binutils 2.45 entdeckt. Das betrifft die Funktion elf_link_add_object_symbols der Datei bfd/elflink.c der Komponente Linker. Dank Manipulation mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden. Das Aktualisieren auf Version 2.46 kann dieses Problem l\u00f6sen. Die Bezeichnung des Patches lautet 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Die Aktualisierung der betroffenen Komponente wird empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T22:02:12.368Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327349 | GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.327349"
},
{
"name": "VDB-327349 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327349"
},
{
"name": "Submit #665587 | GNU Binutils 2.45 Out-of-Bounds Read",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.665587"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16362"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-10-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-07T12:45:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11413",
"datePublished": "2025-10-07T22:02:12.368Z",
"dateReserved": "2025-10-07T10:40:46.002Z",
"dateUpdated": "2025-10-08T17:34:48.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11412 (GCVE-0-2025-11412)
Vulnerability from cvelistv5 – Published: 2025-10-07 22:02 – Updated: 2025-10-08 17:34
VLAI?
Summary
A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11412",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-08T13:39:40.874957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-08T17:34:56.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Linker"
],
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.45"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfd_elf_gc_record_vtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in GNU Binutils 2.45 gefunden. Es betrifft die Funktion bfd_elf_gc_record_vtentry der Datei bfd/elflink.c der Komponente Linker. Dank der Manipulation mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Der Patch wird als 047435dd988a3975d40c6626a8f739a0b2e154bc bezeichnet. Es empfiehlt sich, einen Patch einzuspielen, um dieses Problem zu beheben."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-07T22:02:08.093Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-327348 | GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.327348"
},
{
"name": "VDB-327348 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.327348"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452#c8"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16378"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=047435dd988a3975d40c6626a8f739a0b2e154bc"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-10-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-10-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-10-07T12:45:53.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11412",
"datePublished": "2025-10-07T22:02:08.093Z",
"dateReserved": "2025-10-07T10:40:39.676Z",
"dateUpdated": "2025-10-08T17:34:56.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11083 (GCVE-0-2025-11083)
Vulnerability from cvelistv5 – Published: 2025-09-27 23:02 – Updated: 2025-09-29 14:55
VLAI?
Summary
A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Credits
JJLeo (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11083",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T14:55:22.601358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T14:55:31.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Linker"
],
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.45"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "JJLeo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\"."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in GNU Binutils 2.45 gefunden. Es betrifft die Funktion elf_swap_shdr in der Bibliothek bfd/elfcode.h der Komponente Linker. Durch Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden. Die Bezeichnung des Patches lautet 9ca499644a21ceb3f946d1c179c38a83be084490. Es ist ratsam, einen Patch zu implementieren, um dieses Problem zu beheben."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-27T23:02:08.428Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-326124 | GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.326124"
},
{
"name": "VDB-326124 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.326124"
},
{
"name": "Submit #661277 | GNU Binutils 2.45 Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.661277"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16353"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-09-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-26T15:52:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11083",
"datePublished": "2025-09-27T23:02:08.428Z",
"dateReserved": "2025-09-26T13:47:24.943Z",
"dateUpdated": "2025-09-29T14:55:31.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11082 (GCVE-0-2025-11082)
Vulnerability from cvelistv5 – Published: 2025-09-27 22:32 – Updated: 2025-09-29 19:37
VLAI?
Summary
A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Credits
JJLeo (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T19:37:10.282004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T19:37:18.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Linker"
],
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.45"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "JJLeo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\"."
},
{
"lang": "de",
"value": "In GNU Binutils 2.45 ist eine Schwachstelle entdeckt worden. Betroffen davon ist die Funktion _bfd_elf_parse_eh_frame der Datei bfd/elf-eh-frame.c der Komponente Linker. Durch das Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss auf lokaler Ebene erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Der Patch wird als ea1a0737c7692737a644af0486b71e4a392cbca8 bezeichnet. Es empfiehlt sich, einen Patch einzuspielen, um dieses Problem zu beheben."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-27T22:32:09.144Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-326123 | GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.326123"
},
{
"name": "VDB-326123 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.326123"
},
{
"name": "Submit #661276 | GNU Binutils 2.45 Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.661276"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33464"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16358"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-09-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-26T15:49:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11082",
"datePublished": "2025-09-27T22:32:09.144Z",
"dateReserved": "2025-09-26T13:44:14.655Z",
"dateUpdated": "2025-09-29T19:37:18.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-11081 (GCVE-0-2025-11081)
Vulnerability from cvelistv5 – Published: 2025-09-27 22:02 – Updated: 2025-09-29 19:36
VLAI?
Summary
A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Credits
JJLeo (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11081",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T19:36:38.657636Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T19:36:47.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.45"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "JJLeo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in GNU Binutils 2.45. This issue affects the function dump_dwarf_section of the file binutils/objdump.c. Performing manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit is now public and may be used. The patch is named f87a66db645caf8cc0e6fc87b0c28c78a38af59b. It is suggested to install a patch to address this issue."
},
{
"lang": "de",
"value": "In GNU Binutils 2.45 wurde eine Schwachstelle gefunden. Es ist betroffen die Funktion dump_dwarf_section der Datei binutils/objdump.c. Mittels Manipulieren mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Der Angriff ist nur lokal m\u00f6glich. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden. Der Patch tr\u00e4gt den Namen f87a66db645caf8cc0e6fc87b0c28c78a38af59b. Es wird geraten, einen Patch zu installieren, um dieses Problem zu l\u00f6sen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-27T22:02:08.438Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-326122 | GNU Binutils objdump.c dump_dwarf_section out-of-bounds",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.326122"
},
{
"name": "VDB-326122 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.326122"
},
{
"name": "Submit #661275 | GNU Binutils 2.45 Out-of-Bounds Read",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.661275"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33406"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33406#c2"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/20623354/hdf5_crash_3.txt"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f87a66db645caf8cc0e6fc87b0c28c78a38af59b"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-09-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-26T15:44:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils objdump.c dump_dwarf_section out-of-bounds"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11081",
"datePublished": "2025-09-27T22:02:08.438Z",
"dateReserved": "2025-09-26T13:39:34.564Z",
"dateUpdated": "2025-09-29T19:36:47.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59378 (GCVE-0-2025-59378)
Vulnerability from cvelistv5 – Published: 2025-09-15 00:00 – Updated: 2025-09-15 20:23
VLAI?
Summary
In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).
Severity ?
5.7 (Medium)
CWE
- CWE-669 - Incorrect Resource Transfer Between Spheres
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T20:23:36.482773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T20:23:44.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Guix",
"vendor": "GNU",
"versions": [
{
"lessThan": "1618ca7aa2ee8b6519ee9fd0b965e15eca2bfe45",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:guix:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1618ca7aa2ee8b6519ee9fd0b965e15eca2bfe45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "CWE-669 Incorrect Resource Transfer Between Spheres",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T05:38:42.067Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://guix.gnu.org/en/blog/2025/privilege-escalation-vulnerability-2025-2/"
},
{
"url": "https://codeberg.org/guix/guix/commit/1618ca7aa2ee8b6519ee9fd0b965e15eca2bfe45"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59378",
"datePublished": "2025-09-15T00:00:00.000Z",
"dateReserved": "2025-09-15T00:00:00.000Z",
"dateUpdated": "2025-09-15T20:23:44.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8746 (GCVE-0-2025-8746)
Vulnerability from cvelistv5 – Published: 2025-08-09 06:02 – Updated: 2025-08-11 17:56
VLAI?
Summary
A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this "bug appears to be in libopts which is an external library." This vulnerability only affects products that are no longer supported by the maintainer.
Severity ?
CWE
- CWE-119 - Memory Corruption
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
Credits
nipc-cxd (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8746",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-11T17:54:28.716974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-11T17:56:50.375Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/appneta/tcpreplay/issues/957"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "libopts",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "27.0"
},
{
"status": "affected",
"version": "27.1"
},
{
"status": "affected",
"version": "27.2"
},
{
"status": "affected",
"version": "27.3"
},
{
"status": "affected",
"version": "27.4"
},
{
"status": "affected",
"version": "27.5"
},
{
"status": "affected",
"version": "27.6"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nipc-cxd (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function __strstr_sse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue was initially reported to the tcpreplay project, but the code maintainer explains, that this \"bug appears to be in libopts which is an external library.\" This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in GNU libopts bis 27.6 gefunden. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion __strstr_sse2. Dank der Manipulation mit unbekannten Daten kann eine memory corruption-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-09T06:02:07.329Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319242 | GNU libopts __strstr_sse2 memory corruption",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319242"
},
{
"name": "VDB-319242 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319242"
},
{
"name": "Submit #623632 | tcpreplay tcpliveplay tcpreplay version 6fcbf03 (the newest master in https://github.com/appneta/tcpreplay) Segmentation Fault",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.623632"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/appneta/tcpreplay/issues/957"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/appneta/tcpreplay/issues/957#issuecomment-3124774393"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1yjKOHxvL_9xExy4QUb5x43dxci1x59ts/view?usp=sharing"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2025-08-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-08T11:19:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU libopts __strstr_sse2 memory corruption"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8746",
"datePublished": "2025-08-09T06:02:07.329Z",
"dateReserved": "2025-08-08T09:14:11.987Z",
"dateUpdated": "2025-08-11T17:56:50.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8736 (GCVE-0-2025-8736)
Vulnerability from cvelistv5 – Published: 2025-08-08 19:02 – Updated: 2025-08-08 19:15
VLAI?
Summary
A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8736",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-08T19:15:39.789983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T19:15:48.325Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Lexer"
],
"product": "cflow",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in GNU cflow bis 1.8 entdeckt. Dies betrifft die Funktion yylex der Datei c.c der Komponente Lexer. Dank Manipulation mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T19:02:06.444Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319232 | GNU cflow Lexer c.c yylex buffer overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319232"
},
{
"name": "VDB-319232 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319232"
},
{
"name": "Submit #622329 | GNU cflow cflow cflow (GNU cflow) the newest master (0a19319e282506ff88d19e630380cd5069e893ed ) in cflow.git - GNU cflow Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622329"
},
{
"tags": [
"related"
],
"url": "https://lists.gnu.org/archive/html/bug-cflow/2025-07/msg00001.html"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/17lkJ5bSiQZoXLTg3bK-rGBt3kahN9Xse/view?usp=drive_link"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-08T10:17:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU cflow Lexer c.c yylex buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8736",
"datePublished": "2025-08-08T19:02:06.444Z",
"dateReserved": "2025-08-08T08:12:22.385Z",
"dateUpdated": "2025-08-08T19:15:48.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8735 (GCVE-0-2025-8735)
Vulnerability from cvelistv5 – Published: 2025-08-08 18:32 – Updated: 2025-10-28 00:43
VLAI?
Summary
A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8735",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-08T18:45:08.773391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T18:45:30.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-10-28T00:43:32.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2025/10/27/12"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"modules": [
"Lexer"
],
"product": "cflow",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In GNU cflow bis 1.8 wurde eine problematische Schwachstelle entdeckt. Das betrifft die Funktion yylex der Datei c.c der Komponente Lexer. Dank der Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T18:32:06.777Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319231 | GNU cflow Lexer c.c yylex null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.319231"
},
{
"name": "VDB-319231 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319231"
},
{
"name": "Submit #622328 | GNU cflow cflow cflow (GNU cflow) the newest master (0a19319e282506ff88d19e630380cd5069e893ed ) in cflow.git - GNU cflow Null Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.622328"
},
{
"tags": [
"related"
],
"url": "https://lists.gnu.org/archive/html/bug-cflow/2025-07/msg00000.html"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1Q_rDQSEl3cBu6SUbfqr9pV9cHgvKcXFI/view?usp=drive_link"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-08T10:17:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU cflow Lexer c.c yylex null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8735",
"datePublished": "2025-08-08T18:32:06.777Z",
"dateReserved": "2025-08-08T08:12:19.373Z",
"dateUpdated": "2025-10-28T00:43:32.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8734 (GCVE-0-2025-8734)
Vulnerability from cvelistv5 – Published: 2025-08-08 18:02 – Updated: 2025-11-03 23:19
VLAI?
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-11-03T23:19:28.363Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"rejectedReasons": [
{
"lang": "en",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8734",
"datePublished": "2025-08-08T18:02:07.827Z",
"dateRejected": "2025-11-03T23:19:28.363Z",
"dateReserved": "2025-08-08T07:57:09.262Z",
"dateUpdated": "2025-11-03T23:19:28.363Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8733 (GCVE-0-2025-8733)
Vulnerability from cvelistv5 – Published: 2025-08-08 17:32 – Updated: 2025-11-03 23:19
VLAI?
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2025-11-03T23:19:26.799Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"rejectedReasons": [
{
"lang": "en",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8733",
"datePublished": "2025-08-08T17:32:06.798Z",
"dateRejected": "2025-11-03T23:19:26.799Z",
"dateReserved": "2025-08-08T07:57:05.616Z",
"dateUpdated": "2025-11-03T23:19:26.799Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8225 (GCVE-0-2025-8225)
Vulnerability from cvelistv5 – Published: 2025-07-27 08:02 – Updated: 2025-07-28 17:25
VLAI?
Summary
A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Credits
arthurx (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8225",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T17:25:09.635987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T17:25:22.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"DWARF Section Handler"
],
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.44"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "arthurx (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patch is e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in GNU Binutils 2.44 gefunden. Betroffen davon ist die Funktion process_debug_info der Datei binutils/dwarf.c der Komponente DWARF Section Handler. Dank Manipulation mit unbekannten Daten kann eine memory leak-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Der Patch wird als e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "Memory Leak",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-27T08:02:06.568Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317813 | GNU Binutils DWARF Section dwarf.c process_debug_info memory leak",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317813"
},
{
"name": "VDB-317813 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317813"
},
{
"name": "Submit #621883 | GNU Binutils 2.44 Memory Leak",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.621883"
},
{
"tags": [
"patch"
],
"url": "https://gitlab.com/gnutools/binutils-gdb/-/commit/e51fdff7d2e538c0e5accdd65649ac68e6e0ddd4"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-26T15:01:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils DWARF Section dwarf.c process_debug_info memory leak"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8225",
"datePublished": "2025-07-27T08:02:06.568Z",
"dateReserved": "2025-07-26T12:56:22.336Z",
"dateUpdated": "2025-07-28T17:25:22.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8224 (GCVE-0-2025-8224)
Vulnerability from cvelistv5 – Published: 2025-07-27 05:32 – Updated: 2025-07-28 16:59
VLAI?
Summary
A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Credits
arthurx (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8224",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-28T16:59:03.296958Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T16:59:22.821Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"BFD Library"
],
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.44"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "arthurx (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The name of the patch is db856d41004301b3a56438efd957ef5cabb91530. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In GNU Binutils 2.44 wurde eine problematische Schwachstelle gefunden. Betroffen ist die Funktion bfd_elf_get_str_section der Datei bfd/elf.c der Komponente BFD Library. Dank der Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als db856d41004301b3a56438efd957ef5cabb91530 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-27T05:32:06.926Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-317812 | GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.317812"
},
{
"name": "VDB-317812 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.317812"
},
{
"name": "Submit #621878 | GNU binutils--gdb 2.44 NULL Pointer Dereference",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.621878"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32109"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=32109#c2"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=15680"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db856d41004301b3a56438efd957ef5cabb91530"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-26T15:01:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8224",
"datePublished": "2025-07-27T05:32:06.926Z",
"dateReserved": "2025-07-26T12:56:14.737Z",
"dateUpdated": "2025-07-28T16:59:22.821Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7546 (GCVE-0-2025-7546)
Vulnerability from cvelistv5 – Published: 2025-07-13 22:02 – Updated: 2025-07-14 16:00
VLAI?
Summary
A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Credits
arthurx (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7546",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T16:00:51.386955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T16:00:55.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33050"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.45"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "arthurx (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in GNU Binutils 2.45 entdeckt. Hierbei geht es um die Funktion bfd_elf_set_group_contents der Datei bfd/elf.c. Mittels dem Manipulieren mit unbekannten Daten kann eine out-of-bounds write-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 41461010eb7c79fee7a9d5f6209accdaac66cc6b bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T22:02:07.589Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316244 | GNU Binutils elf.c bfd_elf_set_group_contents out-of-bounds write",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316244"
},
{
"name": "VDB-316244 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316244"
},
{
"name": "Submit #614375 | GNU binutils--gdb 2.45 Out-of-bounds Write",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.614375"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33050"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33050#c2"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16118"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41461010eb7c79fee7a9d5f6209accdaac66cc6b"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-12T19:05:22.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils elf.c bfd_elf_set_group_contents out-of-bounds write"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7546",
"datePublished": "2025-07-13T22:02:07.589Z",
"dateReserved": "2025-07-12T17:00:15.332Z",
"dateUpdated": "2025-07-14T16:00:55.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7545 (GCVE-0-2025-7545)
Vulnerability from cvelistv5 – Published: 2025-07-13 21:44 – Updated: 2025-07-15 19:53
VLAI?
Summary
A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Credits
arthurx (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7545",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T16:43:40.760040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T19:53:03.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.45"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "arthurx (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In GNU Binutils 2.45 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um die Funktion copy_section der Datei binutils/objcopy.c. Durch Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T21:44:08.027Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316243 | GNU Binutils objcopy.c copy_section heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316243"
},
{
"name": "VDB-316243 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316243"
},
{
"name": "Submit #614355 | GNU binutils--gdb 2.45 Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.614355"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33049#c1"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16117"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-12T19:05:21.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils objcopy.c copy_section heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7545",
"datePublished": "2025-07-13T21:44:08.027Z",
"dateReserved": "2025-07-12T17:00:12.513Z",
"dateUpdated": "2025-07-15T19:53:03.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-45582 (GCVE-0-2025-45582)
Vulnerability from cvelistv5 – Published: 2025-07-11 00:00 – Updated: 2025-11-02 00:12
VLAI?
Summary
GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which "tar xf" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each "tar xf" in its Security Rules of Thumb; however, third-party advice leads users to run "tar xf" more than once into the same directory.
Severity ?
4.1 (Medium)
CWE
- CWE-24 - Path Traversal: '../filedir'
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-45582",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T18:27:18.891014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T18:27:30.573Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-02T00:12:55.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/01/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Tar",
"vendor": "GNU",
"versions": [
{
"lessThanOrEqual": "1.35",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file\u0027s name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of \"Member name contains \u0027..\u0027\" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain \"x -\u003e ../../../../../home/victim/.ssh\" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in which \"tar xf\" is run more than once (e.g., when installing a package can automatically install two dependencies that are set up as untrusted tarballs instead of official packages). NOTE: the official GNU Tar manual has an otherwise-empty directory for each \"tar xf\" in its Security Rules of Thumb; however, third-party advice leads users to run \"tar xf\" more than once into the same directory."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-24",
"description": "CWE-24 Path Traversal: \u0027../filedir\u0027",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T03:08:06.530Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md"
},
{
"url": "https://www.gnu.org/software/tar/"
},
{
"url": "https://www.gnu.org/software/tar/manual/html_node/Security-rules-of-thumb.html"
},
{
"url": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html"
},
{
"url": "https://lists.gnu.org/archive/html/bug-tar/2025-08/msg00012.html"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-45582",
"datePublished": "2025-07-11T00:00:00.000Z",
"dateReserved": "2025-04-22T00:00:00.000Z",
"dateUpdated": "2025-11-02T00:12:55.951Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32990 (GCVE-0-2025-32990)
Vulnerability from cvelistv5 – Published: 2025-07-10 09:41 – Updated: 2025-12-01 22:02
VLAI?
Summary
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
Severity ?
6.5 (Medium)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
0 , < 3.8.10
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T14:06:53.044401Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T14:08:18.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:08.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/07/11/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.gnutls.org/",
"defaultStatus": "unaffected",
"packageName": "libgnutls",
"versions": [
{
"lessThan": "3.8.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.9-9.el10_0.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.16-8.el8_10.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.16-8.el8_10.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.3-6.el9_6.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.3-6.el9_6.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.2::baseos",
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.7.6-21.el9_2.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/o:redhat:rhel_eus:9.4::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.3-4.el9_4.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ceph_storage:7::el9"
],
"defaultStatus": "affected",
"packageName": "rhceph/rhceph-7-rhel9",
"product": "Red Hat Ceph Storage 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-ui-rhel9",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:insights_proxy:1.5::el9"
],
"defaultStatus": "affected",
"packageName": "insights-proxy/insights-proxy-container-rhel9",
"product": "Red Hat Insights proxy 1.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2025-07-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:02:34.272Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:16115",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:16115"
},
{
"name": "RHSA-2025:16116",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:16116"
},
{
"name": "RHSA-2025:17181",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17181"
},
{
"name": "RHSA-2025:17348",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17348"
},
{
"name": "RHSA-2025:17361",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17361"
},
{
"name": "RHSA-2025:17415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17415"
},
{
"name": "RHSA-2025:19088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19088"
},
{
"name": "RHSA-2025:22529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-32990"
},
{
"name": "RHBZ#2359620",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359620"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T01:21:36.656000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-07-09T07:00:00+00:00",
"value": "Made public."
}
],
"title": "Gnutls: vulnerability in gnutls certtool template parsing",
"workarounds": [
{
"lang": "en",
"value": "Currently, no mitigation is available for this vulnerability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-32990",
"datePublished": "2025-07-10T09:41:46.211Z",
"dateReserved": "2025-04-15T01:31:12.104Z",
"dateUpdated": "2025-12-01T22:02:34.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32989 (GCVE-0-2025-32989)
Vulnerability from cvelistv5 – Published: 2025-07-10 08:05 – Updated: 2025-12-01 22:02
VLAI?
Summary
A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly.
Severity ?
5.3 (Medium)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
0 , < 3.8.10
(semver)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T20:04:51.314429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T20:06:49.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:07.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/07/11/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.gnutls.org/",
"defaultStatus": "unaffected",
"packageName": "libgnutls",
"versions": [
{
"lessThan": "3.8.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.9-9.el10_0.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.3-6.el9_6.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.3-6.el9_6.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.2::baseos",
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.7.6-21.el9_2.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream",
"cpe:/o:redhat:rhel_eus:9.4::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.3-4.el9_4.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ceph_storage:7::el9"
],
"defaultStatus": "affected",
"packageName": "rhceph/rhceph-7-rhel9",
"product": "Red Hat Ceph Storage 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-ui-rhel9",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:insights_proxy:1.5::el9"
],
"defaultStatus": "affected",
"packageName": "insights-proxy/insights-proxy-container-rhel9",
"product": "Red Hat Insights proxy 1.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2025-07-10T07:54:13.541Z",
"descriptions": [
{
"lang": "en",
"value": "A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:02:30.532Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:16115",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:16115"
},
{
"name": "RHSA-2025:16116",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:16116"
},
{
"name": "RHSA-2025:17181",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17181"
},
{
"name": "RHSA-2025:17348",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17348"
},
{
"name": "RHSA-2025:17361",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17361"
},
{
"name": "RHSA-2025:19088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19088"
},
{
"name": "RHSA-2025:22529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-32989"
},
{
"name": "RHBZ#2359621",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359621"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T01:21:36.512000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-07-10T07:54:13.541000+00:00",
"value": "Made public."
}
],
"title": "Gnutls: vulnerability in gnutls sct extension parsing",
"workarounds": [
{
"lang": "en",
"value": "Currently, no mitigation is available for this vulnerability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-295: Improper Certificate Validation"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-32989",
"datePublished": "2025-07-10T08:05:26.307Z",
"dateReserved": "2025-04-15T01:31:12.104Z",
"dateUpdated": "2025-12-01T22:02:30.532Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32988 (GCVE-0-2025-32988)
Vulnerability from cvelistv5 – Published: 2025-07-10 08:04 – Updated: 2025-12-01 22:02
VLAI?
Summary
A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.
This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior.
Severity ?
6.5 (Medium)
CWE
- CWE-415 - Double Free
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Affected:
0 , < 3.8.10
(semver)
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32988",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-10T20:04:19.060060Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-10T20:04:30.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:06.061Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00005.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/07/11/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.gnutls.org/",
"defaultStatus": "unaffected",
"packageName": "libgnutls",
"versions": [
{
"lessThan": "3.8.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.9-9.el10_0.14",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.16-8.el8_10.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos",
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.6.16-8.el8_10.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.3-6.el9_6.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.3-6.el9_6.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream",
"cpe:/o:redhat:rhel_e4s:9.2::baseos"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.7.6-21.el9_2.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.4::baseos",
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:3.8.3-4.el9_4.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:ceph_storage:7::el9"
],
"defaultStatus": "affected",
"packageName": "rhceph/rhceph-7-rhel9",
"product": "Red Hat Ceph Storage 7",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:6b79ed10423d954d21dd24c9cb1cf507f6e02c2942ace7fa30cf7af2ffaeb631",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-ui-rhel9",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:4784c2680572f9d091fcfb8c593d5424c0fcd8ea9cd51d25ddaf2f72abc7da65",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:insights_proxy:1.5::el9"
],
"defaultStatus": "affected",
"packageName": "insights-proxy/insights-proxy-container-rhel9",
"product": "Red Hat Insights proxy 1.5",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "gnutls",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2025-07-10T07:55:14.310Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure.\n\nThis vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T22:02:26.807Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:16115",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:16115"
},
{
"name": "RHSA-2025:16116",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:16116"
},
{
"name": "RHSA-2025:17181",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17181"
},
{
"name": "RHSA-2025:17348",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17348"
},
{
"name": "RHSA-2025:17361",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17361"
},
{
"name": "RHSA-2025:17415",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:17415"
},
{
"name": "RHSA-2025:19088",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:19088"
},
{
"name": "RHSA-2025:22529",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22529"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-32988"
},
{
"name": "RHBZ#2359622",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359622"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-15T01:21:36.833000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-07-10T07:55:14.310000+00:00",
"value": "Made public."
}
],
"title": "Gnutls: vulnerability in gnutls othername san export",
"workarounds": [
{
"lang": "en",
"value": "Currently, no mitigation is available for this vulnerability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-415: Double Free"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-32988",
"datePublished": "2025-07-10T08:04:57.991Z",
"dateReserved": "2025-04-15T01:31:12.104Z",
"dateUpdated": "2025-12-01T22:02:26.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6141 (GCVE-0-2025-6141)
Vulnerability from cvelistv5 – Published: 2025-06-16 22:00 – Updated: 2025-06-17 13:52
VLAI?
Summary
A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
Credits
JJLeo (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-17T13:51:52.620157Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-17T13:52:08.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ncurses",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "6.5-20250322"
},
{
"status": "unaffected",
"version": "6.5-20250329"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "JJLeo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In GNU ncurses bis 6.5-20250322 wurde eine problematische Schwachstelle gefunden. Es geht um die Funktion postprocess_termcap der Datei tinfo/parse_entry.c. Dank Manipulation mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Ein Aktualisieren auf die Version 6.5-20250329 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-16T22:00:17.088Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-312610 | GNU ncurses parse_entry.c postprocess_termcap stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.312610"
},
{
"name": "VDB-312610 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.312610"
},
{
"name": "Submit #593000 | GNU ncurses ncurses-6.5-20250322 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.593000"
},
{
"tags": [
"related"
],
"url": "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html"
},
{
"tags": [
"related"
],
"url": "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html"
},
{
"tags": [
"patch"
],
"url": "https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html"
},
{
"tags": [
"related"
],
"url": "https://invisible-island.net/ncurses/NEWS.html#index-t20250329"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-15T13:13:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU ncurses parse_entry.c postprocess_termcap stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6141",
"datePublished": "2025-06-16T22:00:17.088Z",
"dateReserved": "2025-06-15T11:06:16.592Z",
"dateUpdated": "2025-06-17T13:52:08.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5899 (GCVE-0-2025-5899)
Vulnerability from cvelistv5 – Published: 2025-06-09 22:00 – Updated: 2025-06-10 15:29
VLAI?
Summary
A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Severity ?
CWE
- CWE-590 - Free of Memory not on the Heap
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5899",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T14:21:21.478754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:29:10.200Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://savannah.gnu.org/bugs/index.php?67072"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PSPP",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached locally. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb wurde eine kritische Schwachstelle entdeckt. Das betrifft die Funktion parse_variables_option der Datei utilities/pspp-convert.c. Durch Manipulieren mit unbekannten Daten kann eine free of memory not on the heap-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-590",
"description": "Free of Memory not on the Heap",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T22:00:15.952Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311671 | GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.311671"
},
{
"name": "VDB-311671 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311671"
},
{
"name": "Submit #586106 | GNU libpspp pspp-convert master in Git Repository[commit:82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb] Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.586106"
},
{
"tags": [
"related"
],
"url": "https://savannah.gnu.org/bugs/index.php?67072"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1YPJLiBzOwVTcc2FzdawYxBJWGujwqy7o/view?usp=sharing"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-09T09:24:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5899",
"datePublished": "2025-06-09T22:00:15.952Z",
"dateReserved": "2025-06-09T07:15:10.136Z",
"dateUpdated": "2025-06-10T15:29:10.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5898 (GCVE-0-2025-5898)
Vulnerability from cvelistv5 – Published: 2025-06-09 21:31 – Updated: 2025-06-10 15:29
VLAI?
Summary
A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5898",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T14:21:27.525130Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:29:18.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://savannah.gnu.org/bugs/index.php?67071"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "PSPP",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb entdeckt. Es betrifft die Funktion parse_variables_option der Datei utilities/pspp-convert.c. Durch das Manipulieren mit unbekannten Daten kann eine out-of-bounds write-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T21:31:06.185Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311670 | GNU PSPP pspp-convert.c parse_variables_option out-of-bounds write",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.311670"
},
{
"name": "VDB-311670 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311670"
},
{
"name": "Submit #586105 | GNU libpspp pspp-convert master in Git Repository [commit:82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb] Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.586105"
},
{
"tags": [
"related"
],
"url": "https://savannah.gnu.org/bugs/index.php?67071"
},
{
"tags": [
"exploit"
],
"url": "https://drive.google.com/file/d/1ZigqDFZQn5YUWFLu1V2juDGWQgbJFAtX/view?usp=sharing"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-09T09:24:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU PSPP pspp-convert.c parse_variables_option out-of-bounds write"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5898",
"datePublished": "2025-06-09T21:31:06.185Z",
"dateReserved": "2025-06-09T07:15:01.851Z",
"dateUpdated": "2025-06-10T15:29:18.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5745 (GCVE-0-2025-5745)
Vulnerability from cvelistv5 – Published: 2025-06-05 19:20 – Updated: 2025-06-05 20:13
VLAI?
Summary
The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.
Severity ?
5.6 (Medium)
CWE
- CWE-665 - Improper Initialization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The GNU C Library | glibc |
Affected:
2.40
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-5745",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-05T20:11:39.550335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-665",
"description": "CWE-665 Improper Initialization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T20:13:51.068Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Power10"
],
"product": "glibc",
"vendor": "The GNU C Library",
"versions": [
{
"status": "affected",
"version": "2.40",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-06-05T02:03:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program."
}
],
"value": "The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T19:20:57.253Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"references": [
{
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33060"
}
],
"source": {
"discovery": "UNKNOWN"
},
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "One may disable the Power10 optimized string routines in glibc to work around this issue, by setting the \u003ccode\u003eglibc.cpu.hwcaps\u003c/code\u003e tunable. This can be done by exporting the \u003ccode\u003eGLIBC_TUNABLES\u003c/code\u003e environment variable like so:\u003cbr\u003e\u003cbr\u003e\n\n\u003ccode\u003e\nexport GLIBC_TUNABLES=glibc.cpu.hwcaps=-arch_3_1\u003c/code\u003e"
}
],
"value": "One may disable the Power10 optimized string routines in glibc to work around this issue, by setting the glibc.cpu.hwcaps tunable. This can be done by exporting the GLIBC_TUNABLES environment variable like so:\n\n\n\n\nexport GLIBC_TUNABLES=glibc.cpu.hwcaps=-arch_3_1"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2025-5745",
"datePublished": "2025-06-05T19:20:23.405Z",
"dateReserved": "2025-06-05T19:15:09.234Z",
"dateUpdated": "2025-06-05T20:13:51.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}