Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-66861

Опубликовано: 29 дек. 2025
Источник: redhat
CVSS3: 3.3

Описание

An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.

A flaw was found in binutils. Processing a specially crafted PE file with cxxfilt can trigger an out-of-bounds read in the d_unqualified_name function in the cp-demangle.c file, causing a crash and resulting in a denial of service.

Отчет

This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this out-of-bounds read is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with cxxfilt. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10binutilsFix deferred
Red Hat Enterprise Linux 10gcc-toolset-15-binutilsFix deferred
Red Hat Enterprise Linux 10gdbFix deferred
Red Hat Enterprise Linux 10mingw-binutilsFix deferred
Red Hat Enterprise Linux 6binutilsFix deferred
Red Hat Enterprise Linux 7binutilsFix deferred
Red Hat Enterprise Linux 7gdbFix deferred
Red Hat Enterprise Linux 8binutilsFix deferred
Red Hat Enterprise Linux 8gcc-toolset-14-binutilsFix deferred
Red Hat Enterprise Linux 8gcc-toolset-14-gdbFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2425823binutils: out-of-bounds read in d_unqualified_name() in cp-demangle.c

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-66861

CVSS3: 2.5
ubuntu
3 месяца назад

An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.

nvd логотип

CVE-2025-66861

CVSS3: 2.5
nvd
3 месяца назад

An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.

debian логотип

CVE-2025-66861

CVSS3: 2.5
debian
3 месяца назад

An issue was discovered in function d_unqualified_name in file cp-dema ...

github логотип

GHSA-r326-pp3g-7cq4

CVSS3: 2.5
github
3 месяца назад

An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.

3.3 Low

CVSS3