Primary

Context

GNU Binutils Heap-Based Buffer Overflow Vulnerability

Vulnerability

A critical heap-based buffer overflow vulnerability has been identified in GNU Binutils version 2.43. This issue arises in the linker component (ld), specifically within the '_bfd_elf_gc_mark_rsec' function of 'elflink.c'. The vulnerability can be exploited remotely, although the attack's complexity is high and exploitation is known to be difficult.

Impact

Exploitation of this vulnerability could result in a heap-based buffer overflow, a serious memory corruption issue that can lead to arbitrary code execution or other malicious outcomes.

Remediation

Users are advised to apply the patch associated with this vulnerability, which is available in the NetApp advisory NTAP-20250411-0007.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

7.5

exploitability

6.0

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

7.5

exploitability

6.0

remediation

7.7

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GNU Binutils Heap-Based Buffer Overflow Vulnerability

Vulnerability

Impact

Remediation

Affected Products

GNU Binutils

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating