AZL-67919

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67919.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-67919

Upstream

CVE-2025-11083

Published

2025-09-27T23:15:32Z

Modified

2026-04-01T05:21:19.472048Z

Summary

CVE-2025-11083 affecting package binutils for versions less than 2.41-9

Details

A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elfswapshdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with "[f]ixed for 2.46".

References

https://nvd.nist.gov/vuln/detail/CVE-2025-11083

Affected packages

Azure Linux:3 / binutils

Package

Name: binutils
Purl: pkg:rpm/azure-linux/binutils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.41-9

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67919.json"