Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-66865

Опубликовано: 29 дек. 2025
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

A flaw was found in binutils. Processing a specially crafted PE file with cxxfilt can trigger a stack overflow in the d_print_comp_inner function in the cp-demangle.c file, causing a crash and resulting in a denial of service.

Отчет

This issue is classified with a low severity primarily because binutils is not typically exposed to untrusted inputs in most environments, limiting the possibility of exploitation. Additionally, this stack overflow is only triggered during the parsing of a specially crafted file, requiring an attacker to convince a user to process this file with cxxfilt. Furthermore, binutils does not handle privileged operations, meaning that exploitation is unlikely to lead to system compromise or escalation of privileges. Also, the impact is limited to the application itself, without affecting the broader system or network security.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10binutilsFix deferred
Red Hat Enterprise Linux 10gcc-toolset-15-binutilsFix deferred
Red Hat Enterprise Linux 10gdbFix deferred
Red Hat Enterprise Linux 10mingw-binutilsFix deferred
Red Hat Enterprise Linux 6binutilsFix deferred
Red Hat Enterprise Linux 7binutilsFix deferred
Red Hat Enterprise Linux 7gdbFix deferred
Red Hat Enterprise Linux 8binutilsFix deferred
Red Hat Enterprise Linux 8gcc-toolset-14-binutilsFix deferred
Red Hat Enterprise Linux 8gcc-toolset-14-gdbFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=2425822binutils: stack overflow in d_print_comp_inner() in cp-demangle.c

EPSS

Процентиль: 23%
0.00076
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-66865

CVSS3: 7.5
ubuntu
3 месяца назад

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

nvd логотип

CVE-2025-66865

CVSS3: 7.5
nvd
3 месяца назад

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

debian логотип

CVE-2025-66865

CVSS3: 7.5
debian
3 месяца назад

An issue was discovered in function d_print_comp_inner in file cp-dema ...

github логотип

GHSA-w539-2pgj-g759

CVSS3: 7.5
github
3 месяца назад

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

EPSS

Процентиль: 23%
0.00076
Низкий

3.3 Low

CVSS3