CVE-2025-66866

Published: 29 Dec. 2025
Source: redhat
CVSS3: 3.3

Description

An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 that allows attackers to cause a denial of service via a crafted PE file.

A flaw was found in BinUtils. An attacker can exploit a vulnerability in the d_abi_tags function within the cp-demangle.c file by providing a specially crafted Portable Executable (PE) file. This can lead to a Denial of Service (DoS), making the affected application unavailable to legitimate users.

Report

This vulnerability is rated Low for Red Hat products. The flaw in BinUtils allows for a denial of service when processing a specially crafted Portable Executable (PE) file. For a successful attack to take place, the user needs to be tricked into processing the maliciously crafted PE binary using the affected program. The consequences of a successful attack are also restricted to the single process instance reading the malicious file and do not have a system-wide effect, presenting a Low impact in the availability criteria.

Mitigation

To mitigate this issue, users should avoid processing untrusted Portable Executable (PE) files with applications linked against BinUtils. Restricting the source of PE files to trusted origins can reduce the attack surface.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | binutils | Fix deferred | | |
| Red Hat Enterprise Linux 10 | gcc-toolset-15-binutils | Fix deferred | | |
| Red Hat Enterprise Linux 10 | gdb | Fix deferred | | |
| Red Hat Enterprise Linux 10 | mingw-binutils | Fix deferred | | |
| Red Hat Enterprise Linux 6 | binutils | Fix deferred | | |
| Red Hat Enterprise Linux 7 | binutils | Fix deferred | | |
| Red Hat Enterprise Linux 7 | gdb | Fix deferred | | |
| Red Hat Enterprise Linux 8 | binutils | Fix deferred | | |
| Red Hat Enterprise Linux 8 | gcc-toolset-14-binutils | Fix deferred | | |
| Red Hat Enterprise Linux 8 | gcc-toolset-14-gdb | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2425830 binutils: BinUtils: Denial of Service via crafted PE file

Related vulnerabilities

CVSS3: 7.5
ubuntu
3 months ago

An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 that allows attackers to cause a denial of service via a crafted PE file.

CVSS3: 7.5
nvd
3 months ago

An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 that allows attackers to cause a denial of service via a crafted PE file.

CVSS3: 7.5
debian
3 months ago

An issue was discovered in function d_abi_tags in file cp-demangle.c i ...

CVSS3: 5.5
github
3 months ago

An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 that allows attackers to cause a denial of service via a crafted PE file.
