Action not permitted
Modal body text goes here.
Modal Title
Modal Body
Vulnerability from cleanstart
Published
2026-04-01 09:16
Modified
2026-03-26 13:10
Summary
Security fixes for CVE-2025-11082, CVE-2025-11083 applied in versions: 2.46.0-r0
Details
Multiple security vulnerabilities affect the $pkgname-$CTARGET_ARCH package. These issues are resolved in later releases. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "$pkgname-$CTARGET_ARCH"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.46.0-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the $pkgname-$CTARGET_ARCH package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-EQ25508",
"modified": "2026-03-26T13:10:59Z",
"published": "2026-04-01T09:16:21.124779Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-EQ25508.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-11082"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-11083"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11082"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11083"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-11082, CVE-2025-11083 applied in versions: 2.46.0-r0",
"upstream": [
"CVE-2025-11082",
"CVE-2025-11083"
]
}
CVE-2025-11082 (GCVE-0-2025-11082)
Vulnerability from cvelistv5 – Published: 2025-09-27 22:32 – Updated: 2026-05-12 12:02 X_Open Source
VLAI
EPSS
Title
GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow
Summary
A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.326123 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.326123 | signaturepermissions-required |
| https://vuldb.com/?submit.661276 | third-party-advisory |
| https://sourceware.org/bugzilla/show_bug.cgi?id=33464 | issue-tracking |
| https://sourceware.org/bugzilla/show_bug.cgi?id=3… | issue-tracking |
| https://sourceware.org/bugzilla/attachment.cgi?id=16358 | exploit |
| https://sourceware.org/git/gitweb.cgi?p=binutils-… | patch |
| https://www.gnu.org/ | product |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| GNU | Binutils |
Affected:
2.45
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
Credits
JJLeo (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11082",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T19:37:10.282004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T19:37:18.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:02:45.982Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"modules": [
"Linker"
],
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.45"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "JJLeo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in GNU Binutils 2.45. Impacted is the function _bfd_elf_parse_eh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with \"[f]ixed for 2.46\"."
},
{
"lang": "de",
"value": "In GNU Binutils 2.45 ist eine Schwachstelle entdeckt worden. Betroffen davon ist die Funktion _bfd_elf_parse_eh_frame der Datei bfd/elf-eh-frame.c der Komponente Linker. Durch das Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss auf lokaler Ebene erfolgen. Der Exploit ist \u00f6ffentlich verf\u00fcgbar und k\u00f6nnte genutzt werden. Der Patch wird als ea1a0737c7692737a644af0486b71e4a392cbca8 bezeichnet. Es empfiehlt sich, einen Patch einzuspielen, um dieses Problem zu beheben."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-27T22:32:09.144Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-326123 | GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.326123"
},
{
"name": "VDB-326123 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.326123"
},
{
"name": "Submit #661276 | GNU Binutils 2.45 Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.661276"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33464"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33464#c2"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16358"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea1a0737c7692737a644af0486b71e4a392cbca8"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-09-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-26T15:49:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11082",
"datePublished": "2025-09-27T22:32:09.144Z",
"dateReserved": "2025-09-26T13:44:14.655Z",
"dateUpdated": "2026-05-12T12:02:45.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11083 (GCVE-0-2025-11083)
Vulnerability from cvelistv5 – Published: 2025-09-27 23:02 – Updated: 2026-05-12 12:02 X_Open Source
VLAI
EPSS
Title
GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow
Summary
A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.326124 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.326124 | signaturepermissions-required |
| https://vuldb.com/?submit.661277 | third-party-advisory |
| https://sourceware.org/bugzilla/show_bug.cgi?id=33457 | issue-tracking |
| https://sourceware.org/bugzilla/show_bug.cgi?id=3… | issue-tracking |
| https://sourceware.org/bugzilla/attachment.cgi?id=16353 | exploit |
| https://sourceware.org/git/gitweb.cgi?p=binutils-… | patch |
| https://www.gnu.org/ | product |
| https://cert-portal.siemens.com/productcert/html/… |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| GNU | Binutils |
Affected:
2.45
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.5 , < *
(custom)
|
Credits
JJLeo (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11083",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-29T14:55:22.601358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T14:55:31.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.5",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:02:47.226Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"modules": [
"Linker"
],
"product": "Binutils",
"vendor": "GNU",
"versions": [
{
"status": "affected",
"version": "2.45"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "JJLeo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\"."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in GNU Binutils 2.45 gefunden. Es betrifft die Funktion elf_swap_shdr in der Bibliothek bfd/elfcode.h der Komponente Linker. Durch Manipulieren mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden. Die Bezeichnung des Patches lautet 9ca499644a21ceb3f946d1c179c38a83be084490. Es ist ratsam, einen Patch zu implementieren, um dieses Problem zu beheben."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-27T23:02:08.428Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-326124 | GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.326124"
},
{
"name": "VDB-326124 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.326124"
},
{
"name": "Submit #661277 | GNU Binutils 2.45 Heap-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.661277"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457"
},
{
"tags": [
"issue-tracking"
],
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1"
},
{
"tags": [
"exploit"
],
"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16353"
},
{
"tags": [
"patch"
],
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490"
},
{
"tags": [
"product"
],
"url": "https://www.gnu.org/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-09-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-26T15:52:36.000Z",
"value": "VulDB entry last update"
}
],
"title": "GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-11083",
"datePublished": "2025-09-27T23:02:08.428Z",
"dateReserved": "2025-09-26T13:47:24.943Z",
"dateUpdated": "2026-05-12T12:02:47.226Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…