CVE-2025-0840

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-0840

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-0840.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-0840

Related

Published

2025-01-29T20:15:35Z

Modified

2025-03-10T18:06:51.939836Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.

References

Affected packages

Alpine:v3.19 / binutils

Package

Name: binutils
Purl: pkg:apk/alpine/binutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.41-r1

Affected versions

2.*

2.20.51.0.4-r1

2.20.51.0.12-r0

2.21-r0

2.21.1-r0

2.22-r0

2.22-r1

2.23-r0

2.23.1-r0

2.23.2-r0

2.23.2-r1

2.23.2-r2

2.23.2-r3

2.23.2-r4

2.23.2-r5

2.24-r0

2.24-r1

2.24-r2

2.24-r3

2.24-r4

2.24-r5

2.25-r0

2.25-r1

2.25-r2

2.25-r3

2.25.1-r0

2.26-r0

2.26.1-r0

2.27-r0

2.27-r1

2.28-r0

2.28-r1

2.28-r2

2.28-r3

2.30-r0

2.30-r1

2.30-r2

2.30-r3

2.30-r4

2.30-r5

2.31.1-r0

2.31.1-r1

2.31.1-r2

2.32-r0

2.33.1-r0

2.33.1-r1

2.34-r0

2.34-r1

2.35.1-r0

2.35.1-r1

2.35.2-r0

2.35.2-r1

2.35.2-r2

2.37-r0

2.37-r1

2.37-r2

2.37-r3

2.37-r4

2.38-r0

2.38-r1

2.38-r2

2.38-r3

2.38-r4

2.39-r0

2.39-r1

2.39-r2

2.39-r3

2.40-r0

2.40-r1

2.40-r2

2.40-r3

2.40-r4

2.40-r5

2.40-r6

2.40-r7

2.40-r8

2.40-r9

2.40-r10

2.40-r11

2.40-r12

2.41-r0

Alpine:v3.20 / binutils

Package

Name: binutils
Purl: pkg:apk/alpine/binutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.42-r1

Affected versions

2.*

2.20.51.0.4-r1

2.20.51.0.12-r0

2.21-r0

2.21.1-r0

2.22-r0

2.22-r1

2.23-r0

2.23.1-r0

2.23.2-r0

2.23.2-r1

2.23.2-r2

2.23.2-r3

2.23.2-r4

2.23.2-r5

2.24-r0

2.24-r1

2.24-r2

2.24-r3

2.24-r4

2.24-r5

2.25-r0

2.25-r1

2.25-r2

2.25-r3

2.25.1-r0

2.26-r0

2.26.1-r0

2.27-r0

2.27-r1

2.28-r0

2.28-r1

2.28-r2

2.28-r3

2.30-r0

2.30-r1

2.30-r2

2.30-r3

2.30-r4

2.30-r5

2.31.1-r0

2.31.1-r1

2.31.1-r2

2.32-r0

2.33.1-r0

2.33.1-r1

2.34-r0

2.34-r1

2.35.1-r0

2.35.1-r1

2.35.2-r0

2.35.2-r1

2.35.2-r2

2.37-r0

2.37-r1

2.37-r2

2.37-r3

2.37-r4

2.38-r0

2.38-r1

2.38-r2

2.38-r3

2.38-r4

2.39-r0

2.39-r1

2.39-r2

2.39-r3

2.40-r0

2.40-r1

2.40-r2

2.40-r3

2.40-r4

2.40-r5

2.40-r6

2.40-r7

2.40-r8

2.40-r9

2.40-r10

2.40-r11

2.40-r12

2.41-r0

2.42-r0

Alpine:v3.21 / binutils

Package

Name: binutils
Purl: pkg:apk/alpine/binutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.43.1-r2

Affected versions

2.*

2.20.51.0.4-r1

2.20.51.0.12-r0

2.21-r0

2.21.1-r0

2.22-r0

2.22-r1

2.23-r0

2.23.1-r0

2.23.2-r0

2.23.2-r1

2.23.2-r2

2.23.2-r3

2.23.2-r4

2.23.2-r5

2.24-r0

2.24-r1

2.24-r2

2.24-r3

2.24-r4

2.24-r5

2.25-r0

2.25-r1

2.25-r2

2.25-r3

2.25.1-r0

2.26-r0

2.26.1-r0

2.27-r0

2.27-r1

2.28-r0

2.28-r1

2.28-r2

2.28-r3

2.30-r0

2.30-r1

2.30-r2

2.30-r3

2.30-r4

2.30-r5

2.31.1-r0

2.31.1-r1

2.31.1-r2

2.32-r0

2.33.1-r0

2.33.1-r1

2.34-r0

2.34-r1

2.35.1-r0

2.35.1-r1

2.35.2-r0

2.35.2-r1

2.35.2-r2

2.37-r0

2.37-r1

2.37-r2

2.37-r3

2.37-r4

2.38-r0

2.38-r1

2.38-r2

2.38-r3

2.38-r4

2.39-r0

2.39-r1

2.39-r2

2.39-r3

2.40-r0

2.40-r1

2.40-r2

2.40-r3

2.40-r4

2.40-r5

2.40-r6

2.40-r7

2.40-r8

2.40-r9

2.40-r10

2.40-r11

2.40-r12

2.41-r0

2.42-r0

2.42-r1

2.43-r0

2.43.1-r0

2.43.1-r1

Debian:11 / binutils

Package

Name: binutils
Purl: pkg:deb/debian/binutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.35.2-2

2.35.50.20201103-1

2.35.50.20201125-1

2.35.50.20201206-1

2.35.50.20201209-1

2.35.50.20201218-1

2.35.50.20210106-1

2.35.90.20210113-1

2.35.90.20210120-1

2.36-1

2.36-2

2.36-2+2.35.2

2.36-2+2.35.2.1

2.36+2.35.2-1

2.36.1-1

2.36.1-2

2.36.1-3

2.36.1-4

2.36.1-5

2.36.1-6

2.36.50.20210601-1

2.36.50.20210618-1

2.36.50.20210628-1

2.36.90.20210705-1

2.37-1

2.37-2

2.37-3

2.37-4

2.37-5

2.37-6

2.37-7

2.37-8

2.37-9

2.37-10

2.37-10.1

2.37.50.20211102-1

2.37.50.20211115-1

2.37.50.20211118-1

2.37.50.20211201-1

2.37.50.20220106-1

2.37.50.20220106-2

2.37.50.20220121-1

2.37.90.20220123-1

2.37.90.20220123-2

2.37.90.20220130-1

2.37.90.20220130-2

2.37.90.20220207-1

2.38-1

2.38-2

2.38-3

2.38-4

2.38.50.20220503-1

2.38.50.20220509-1

2.38.50.20220512-1

2.38.50.20220527-1

2.38.50.20220527-2

2.38.50.20220609-1

2.38.50.20220609-2

2.38.50.20220615-1

2.38.50.20220615-2

2.38.50.20220615-3

2.38.50.20220615-4

2.38.50.20220622-1

2.38.50.20220627-1

2.38.50.20220629-1

2.38.50.20220629-2

2.38.50.20220629-3

2.38.50.20220629-4

2.38.50.20220707-1

2.38.90.20220713-1

2.38.90.20220713-2

2.39-1

2.39-2

2.39-3

2.39-4

2.39-5

2.39-6

2.39-7

2.39-8

2.39.50.20221004-1

2.39.50.20221010-1

2.39.50.20221101-1

2.39.50.20221101-2

2.39.50.20221116-1

2.39.50.20221129-1

2.39.50.20221208-1

2.39.50.20221208-2

2.39.50.20221208-3

2.39.50.20221208-4

2.39.50.20221208-5

2.39.50.20221224-1

2.39.90.20221231-1

2.39.90.20230104-1

2.39.90.20230110-1

2.40-1

2.40-2

2.40.50.20230111-1

2.40.50.20230215-1

2.40.50.20230501-1

2.40.50.20230510-1

2.40.50.20230602-1

2.40.50.20230611-1

2.40.50.20230611-2

2.40.50.20230622-1

2.40.50.20230625-1

2.40.50.20230630-1

2.40.90.20230705-1

2.40.90.20230714-1

2.40.90.20230714-2

2.40.90.20230720-1

2.40.90.20230729-1

2.40.90.20230729-2

2.41-1

2.41-2

2.41-3

2.41-4

2.41-5

2.41-6

2.41-7

2.41.50.20230731-1

2.41.50.20230803-1

2.41.50.20230905-1

2.41.50.20231010-1

2.41.50.20231101-1

2.41.50.20231125-1

2.41.50.20231202-1

2.41.50.20231206-1

2.41.50.20231214-1

2.41.50.20231227-1

2.41.90.20240115-1

2.41.90.20240122-1

2.42-1

2.42-2

2.42-2+hurd.1

2.42-3

2.42-4

2.42.50.20240614-1

2.42.50.20240618-1

2.42.50.20240625-1

2.42.50.20240710-1

2.42.90.20240720-1

2.42.90.20240720-2

2.43-1

2.43-2

2.43.1-1

2.43.1-2

2.43.1-3

2.43.1-4

2.43.1-5

2.43.50.20240817-1

2.43.50.20240909-1

2.43.50.20241004-1

2.43.50.20241112-1

2.43.50.20241126-1

2.43.50.20241126-2

2.43.50.20241126-3

2.43.50.20241204-1

2.43.50.20241204-2

2.43.50.20241210-1

2.43.50.20241215-1

2.43.50.20241221-1

2.43.50.20241230-1

2.43.50.20250108-1

2.43.90.20250122-1

2.43.90.20250122-2

2.43.90.20250127-1

2.43.90.20250202-1

2.44-1

2.44-2

2.44-3

2.44.50.20250201-1

2.44.50.20250207-1

2.44.50.20250218-1

2.44.50.20250218-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / binutils

Package

Name: binutils
Purl: pkg:deb/debian/binutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.40-2

2.40.50.20230111-1

2.40.50.20230215-1

2.40.50.20230501-1

2.40.50.20230510-1

2.40.50.20230602-1

2.40.50.20230611-1

2.40.50.20230611-2

2.40.50.20230622-1

2.40.50.20230625-1

2.40.50.20230630-1

2.40.90.20230705-1

2.40.90.20230714-1

2.40.90.20230714-2

2.40.90.20230720-1

2.40.90.20230729-1

2.40.90.20230729-2

2.41-1

2.41-2

2.41-3

2.41-4

2.41-5

2.41-6

2.41-7

2.41.50.20230731-1

2.41.50.20230803-1

2.41.50.20230905-1

2.41.50.20231010-1

2.41.50.20231101-1

2.41.50.20231125-1

2.41.50.20231202-1

2.41.50.20231206-1

2.41.50.20231214-1

2.41.50.20231227-1

2.41.90.20240115-1

2.41.90.20240122-1

2.42-1

2.42-2

2.42-2+hurd.1

2.42-3

2.42-4

2.42.50.20240614-1

2.42.50.20240618-1

2.42.50.20240625-1

2.42.50.20240710-1

2.42.90.20240720-1

2.42.90.20240720-2

2.43-1

2.43-2

2.43.1-1

2.43.1-2

2.43.1-3

2.43.1-4

2.43.1-5

2.43.50.20240817-1

2.43.50.20240909-1

2.43.50.20241004-1

2.43.50.20241112-1

2.43.50.20241126-1

2.43.50.20241126-2

2.43.50.20241126-3

2.43.50.20241204-1

2.43.50.20241204-2

2.43.50.20241210-1

2.43.50.20241215-1

2.43.50.20241221-1

2.43.50.20241230-1

2.43.50.20250108-1

2.43.90.20250122-1

2.43.90.20250122-2

2.43.90.20250127-1

2.43.90.20250202-1

2.44-1

2.44-2

2.44-3

2.44.50.20250201-1

2.44.50.20250207-1

2.44.50.20250218-1

2.44.50.20250218-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / binutils

Package

Name: binutils
Purl: pkg:deb/debian/binutils?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.43.90.20250122-1

Affected versions

2.*

2.40-2

2.40.50.20230111-1

2.40.50.20230215-1

2.40.50.20230501-1

2.40.50.20230510-1

2.40.50.20230602-1

2.40.50.20230611-1

2.40.50.20230611-2

2.40.50.20230622-1

2.40.50.20230625-1

2.40.50.20230630-1

2.40.90.20230705-1

2.40.90.20230714-1

2.40.90.20230714-2

2.40.90.20230720-1

2.40.90.20230729-1

2.40.90.20230729-2

2.41-1

2.41-2

2.41-3

2.41-4

2.41-5

2.41-6

2.41-7

2.41.50.20230731-1

2.41.50.20230803-1

2.41.50.20230905-1

2.41.50.20231010-1

2.41.50.20231101-1

2.41.50.20231125-1

2.41.50.20231202-1

2.41.50.20231206-1

2.41.50.20231214-1

2.41.50.20231227-1

2.41.90.20240115-1

2.41.90.20240122-1

2.42-1

2.42-2

2.42-2+hurd.1

2.42-3

2.42-4

2.42.50.20240614-1

2.42.50.20240618-1

2.42.50.20240625-1

2.42.50.20240710-1

2.42.90.20240720-1

2.42.90.20240720-2

2.43-1

2.43-2

2.43.1-1

2.43.1-2

2.43.1-3

2.43.1-4

2.43.1-5

2.43.50.20240817-1

2.43.50.20240909-1

2.43.50.20241004-1

2.43.50.20241112-1

2.43.50.20241126-1

2.43.50.20241126-2

2.43.50.20241126-3

2.43.50.20241204-1

2.43.50.20241204-2

2.43.50.20241210-1

2.43.50.20241215-1

2.43.50.20241221-1

2.43.50.20241230-1

2.43.50.20250108-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / sourceware.org/git/binutils-gdb.git

Affected ranges

Type: GIT
Repo: https://sourceware.org/git/binutils-gdb.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

815d9a14cbbb3b81843f7566222c87fb22e7255d

Affected versions

Other

binu_ss_19990502

binutils-2_41-release

gdb-10-branchpoint

gdb-11-branchpoint

gdb-12-branchpoint

gdb-13-branchpoint

gdb-14-branchpoint

gdb-15-branchpoint

gdb-16-branchpoint

gdb-4_18-branchpoint

gdb-9-branchpoint

gdb_5_2-branchpoint

gdb_5_3-branchpoint

gdb_6_0-branchpoint

gdb_6_1-branchpoint

gdb_6_2-branchpoint

gdb_6_3-branchpoint

gdb_6_4-branchpoint

gdb_6_5-branchpoint

gdb_6_6-branchpoint

gdb_6_7-branchpoint

gdb_6_8-branchpoint

gdb_7_0-branchpoint

gdb_7_1-branchpoint

gdb_7_2-branchpoint

gdb_7_3-branchpoint

gdb_7_4-branchpoint

gdb_7_5-branchpoint

gdb_7_6-branchpoint

readline_4_0

users/ARM/embedded-binutils-master-2016q4

users/ARM/embedded-binutils-master-2017q4

users/ARM/embedded-binutils-master-2018q4

users/ARM/embedded-gdb-master-2017q4

users/ARM/embedded-gdb-master-2018q4

gdb-7.*

gdb-7.10-branchpoint

gdb-7.11-branchpoint

gdb-7.12-branchpoint

gdb-7.7-branchpoint

gdb-7.8-branchpoint

gdb-7.9-branchpoint

gdb-8.*

gdb-8.0-branchpoint

gdb-8.1-branchpoint

gdb-8.2-branchpoint

gdb-8.3-branchpoint