{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-11839", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-10-16T08:31:52.156Z", "datePublished": "2025-10-16T14:02:13.689Z", "dateUpdated": "2025-10-16T14:15:03.591Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-10-16T14:02:13.689Z"}, "title": "GNU Binutils prdbg.c tg_tag_type return value", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-252", "lang": "en", "description": "Unchecked Return Value"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-253", "lang": "en", "description": "Incorrect Check of Function Return Value"}]}], "affected": [{"vendor": "GNU", "product": "Binutils", "versions": [{"version": "2.45", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited."}, {"lang": "de", "value": "In GNU Binutils 2.45 wurde eine Schwachstelle gefunden. Hierbei betrifft es die Funktion tg_tag_type der Datei prdbg.c. Die Ver\u00e4nderung resultiert in unchecked return value. Der Angriff muss lokal angegangen werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-10-16T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-10-16T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-10-16T10:36:58.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "JJLeo (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.328774", "name": "VDB-328774 | GNU Binutils prdbg.c tg_tag_type return value", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.328774", "name": "VDB-328774 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.661279", "name": "Submit #661279 | GNU Binutils 2.45 Unexpected Status Code or Return Value", "tags": ["third-party-advisory"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33448", "tags": ["issue-tracking"]}, {"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16344", "tags": ["exploit"]}, {"url": "https://www.gnu.org/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33448", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-16T14:14:58.421856Z", "id": "CVE-2025-11839", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-16T14:15:03.591Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11839", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-16T14:14:58.421856Z"}}}], "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33448", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-16T14:14:50.292Z"}}], "cna": {"tags": ["x_open-source"], "title": "GNU Binutils prdbg.c tg_tag_type return value", "credits": [{"lang": "en", "type": "reporter", "value": "JJLeo (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "GNU", "product": "Binutils", "versions": [{"status": "affected", "version": "2.45"}]}], "timeline": [{"lang": "en", "time": "2025-10-16T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-10-16T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-10-16T10:36:58.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.328774", "name": "VDB-328774 | GNU Binutils prdbg.c tg_tag_type return value", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.328774", "name": "VDB-328774 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.661279", "name": "Submit #661279 | GNU Binutils 2.45 Unexpected Status Code or Return Value", "tags": ["third-party-advisory"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33448", "tags": ["issue-tracking"]}, {"url": "https://sourceware.org/bugzilla/attachment.cgi?id=16344", "tags": ["exploit"]}, {"url": "https://www.gnu.org/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited."}, {"lang": "de", "value": "In GNU Binutils 2.45 wurde eine Schwachstelle gefunden. Hierbei betrifft es die Funktion tg_tag_type der Datei prdbg.c. Die Ver\u00e4nderung resultiert in unchecked return value. Der Angriff muss lokal angegangen werden. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-252", "description": "Unchecked Return Value"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-253", "description": "Incorrect Check of Function Return Value"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-10-16T14:02:13.689Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11839", "state": "PUBLISHED", "dateUpdated": "2025-10-16T14:15:03.591Z", "dateReserved": "2025-10-16T08:31:52.156Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-10-16T14:02:13.689Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack needs to be approached locally. The exploit has been released to the public and may be exploited."}], "id": "CVE-2025-11839", "lastModified": "2025-10-16T15:28:59.610", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-10-16T14:15:34.860", "references": [{"source": "cna@vuldb.com", "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16344"}, {"source": "cna@vuldb.com", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33448"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.328774"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.328774"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.661279"}, {"source": "cna@vuldb.com", "url": "https://www.gnu.org/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33448"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-252"}, {"lang": "en", "value": "CWE-253"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "binutils: GNU Binutils prdbg.c tg_tag_type return value", "id": "2404439", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404439"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "(CWE-252|CWE-253)", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-11839", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "gcc-toolset-15-binutils", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "gdb", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "mingw-binutils", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "gdb", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gcc-toolset-13-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gcc-toolset-13-gdb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gcc-toolset-14-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gcc-toolset-14-gdb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "gdb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "mingw-binutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "binutils", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "gcc-toolset-13-binutils", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "gcc-toolset-13-gdb", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "gcc-toolset-14-binutils", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "gcc-toolset-15-binutils", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "gdb", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "mingw-binutils", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-10-16T14:02:13Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-11839\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-11839\nhttps://sourceware.org/bugzilla/attachment.cgi?id=16344\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=33448\nhttps://vuldb.com/?ctiid.328774\nhttps://vuldb.com/?id.328774\nhttps://vuldb.com/?submit.661279\nhttps://www.gnu.org/"], "threat_severity": "Low"}

{}