CVE-2025-0840

Summary

A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.

Affected Software

VendorProductVersion RangeStatus
GNUBinutils2.0affected
GNUBinutils2.1affected
GNUBinutils2.2affected
GNUBinutils2.3affected
GNUBinutils2.4affected
GNUBinutils2.5affected
GNUBinutils2.6affected
GNUBinutils2.7affected
GNUBinutils2.8affected
GNUBinutils2.9affected
GNUBinutils2.10affected
GNUBinutils2.11affected
GNUBinutils2.12affected
GNUBinutils2.13affected
GNUBinutils2.14affected
GNUBinutils2.15affected
GNUBinutils2.16affected
GNUBinutils2.17affected
GNUBinutils2.18affected
GNUBinutils2.19affected
GNUBinutils2.20affected
GNUBinutils2.21affected
GNUBinutils2.22affected
GNUBinutils2.23affected
GNUBinutils2.24affected
GNUBinutils2.25affected
GNUBinutils2.26affected
GNUBinutils2.27affected
GNUBinutils2.28affected
GNUBinutils2.29affected
GNUBinutils2.30affected
GNUBinutils2.31affected
GNUBinutils2.32affected
GNUBinutils2.33affected
GNUBinutils2.34affected
GNUBinutils2.35affected
GNUBinutils2.36affected
GNUBinutils2.37affected
GNUBinutils2.38affected
GNUBinutils2.39affected
GNUBinutils2.40affected
GNUBinutils2.41affected
GNUBinutils2.42affected
GNUBinutils2.43affected

Weaknesses

  • CWE-121: Stack-based Buffer Overflow
  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References