AZL-67902

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67902.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-67902

Upstream

CVE-2025-11082

Published

2025-09-27T23:15:31Z

Modified

2026-04-01T05:21:18.871804Z

Summary

CVE-2025-11082 affecting package binutils for versions less than 2.37-19

Details

A flaw has been found in GNU Binutils 2.45. Impacted is the function bfdelfparseeh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".

References

https://nvd.nist.gov/vuln/detail/CVE-2025-11082

Affected packages

Azure Linux:2 / binutils

Package

Name: binutils
Purl: pkg:rpm/azure-linux/binutils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.37-19

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67902.json"