exploitDog

CVE-2025-66863

Published: 29 Dec 2025
Source: redhat
CVSS3: 3.3

Description

An issue in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via a crafted PE file.

A flaw was found in BinUtils. Attackers can exploit this vulnerability by providing a specially crafted Portable Executable (PE) file. This can lead to a denial of service, making the affected application unavailable.

Report

This vulnerability is rated Low for Red Hat products. The flaw in BinUtils allows for a denial of service when processing a specially crafted Portable Executable (PE) file. For a successful attack to take place, the user needs to be tricked into processing the maliciously crafted PE binary using the affected program. The consequences of a successful attack are also restricted to the single process instance reading the malicious file and do not have a system-wide effect, presenting a Low impact in the availability criteria.

Mitigation

To reduce the risk of exploitation, users should avoid processing Portable Executable (PE) files from untrusted or unverified sources with BinUtils tools. Limiting the exposure of BinUtils to untrusted input can help prevent denial of service attacks.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | binutils | Fix deferred | | |
| Red Hat Enterprise Linux 10 | gcc-toolset-15-binutils | Fix deferred | | |
| Red Hat Enterprise Linux 10 | gdb | Fix deferred | | |
| Red Hat Enterprise Linux 10 | mingw-binutils | Fix deferred | | |
| Red Hat Enterprise Linux 6 | binutils | Fix deferred | | |
| Red Hat Enterprise Linux 7 | binutils | Fix deferred | | |
| Red Hat Enterprise Linux 7 | gdb | Fix deferred | | |
| Red Hat Enterprise Linux 8 | binutils | Fix deferred | | |
| Red Hat Enterprise Linux 8 | gcc-toolset-14-binutils | Fix deferred | | |
| Red Hat Enterprise Linux 8 | gcc-toolset-14-gdb | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-125
binutils: BinUtils: Denial of Service via crafted PE file
https://bugzilla.redhat.com/show_bug.cgi?id=2425824

Related vulnerabilities

CVSS3: 7.5
ubuntu
3 months ago

An issue in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via a crafted PE file.

CVSS3: 7.5
nvd
3 months ago

An issue in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via a crafted PE file.

CVSS3: 7.5
debian
3 months ago

An issue was discovered in function d_discriminator in file cp-demangl ...

CVSS3: 7.5
github
3 months ago

An issue in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via a crafted PE file.
