AZL-67925

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67925.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-67925

Upstream

CVE-2025-11082

Published

2025-09-27T23:15:31Z

Modified

2026-04-01T05:21:19.378922Z

Summary

CVE-2025-11082 affecting package crash for versions less than 8.0.4-5

Details

A flaw has been found in GNU Binutils 2.45. Impacted is the function bfdelfparseeh_frame of the file bfd/elf-eh-frame.c of the component Linker. Executing manipulation can lead to heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. This patch is called ea1a0737c7692737a644af0486b71e4a392cbca8. A patch should be applied to remediate this issue. The code maintainer replied with "[f]ixed for 2.46".

References

https://nvd.nist.gov/vuln/detail/CVE-2025-11082

Affected packages

Azure Linux:3 / crash

Package

Name: crash
Purl: pkg:rpm/azure-linux/crash

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.4-5

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-67925.json"