vulnerability
Amazon Linux 2023: CVE-2025-7546: Medium priority package update for binutils
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:L/Au:S/C:P/I:P/A:P) | Jul 13, 2025 | Sep 30, 2025 | Sep 30, 2025 |
Severity
4
CVSS
(AV:L/AC:L/Au:S/C:P/I:P/A:P)
Published
Jul 13, 2025
Added
Sep 30, 2025
Modified
Sep 30, 2025
Description
A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.
A flaw was found in gnu-binutils. The `bfd_elf_set_group_contents` function in `bfd/elf.c` contains an out-of-bounds write vulnerability triggered by manipulation of the ELF file contents. This flaw allows a local attacker to provide a crafted file. This manipulation can lead to memory corruption.
A flaw was found in gnu-binutils. The `bfd_elf_set_group_contents` function in `bfd/elf.c` contains an out-of-bounds write vulnerability triggered by manipulation of the ELF file contents. This flaw allows a local attacker to provide a crafted file. This manipulation can lead to memory corruption.
Solutions
amazon-linux-2023-upgrade-binutilsamazon-linux-2023-upgrade-binutils-debuginfoamazon-linux-2023-upgrade-binutils-debugsourceamazon-linux-2023-upgrade-binutils-develamazon-linux-2023-upgrade-binutils-gprofngamazon-linux-2023-upgrade-binutils-gprofng-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.