OESA-2025-2628

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed.

Security Fix(es):

A critical vulnerability (CWE-122) has been found in GNU Binutils 2.45. This is a heap overflow condition where the buffer overflow occurs in the heap memory region, generally meaning the buffer was allocated using routines like malloc(). This vulnerability impacts confidentiality, integrity, and availability. The exploit is available for download at sourceware.org and is declared as proof-of-concept. The code maintainer replied with [f]ixed for 2.46 . Applying patch 9ca499644a21ceb3f946d1c179c38a83be084490 can eliminate this problem. The bugfix is ready for download at sourceware.org.(CVE-2025-11083)

A vulnerability has been found in GNU Binutils 2.45. This impacts the function bfdelfgcrecordvtentry of the file bfd/elflink.c of the component Linker. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of the patch is 047435dd988a3975d40c6626a8f739a0b2e154bc. To fix this issue, it is recommended to deploy a patch.(CVE-2025-11412)

A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. This patch is called 16357. It is best practice to apply a patch to resolve this issue.(CVE-2025-11840)