CVE-2025-69646
Denial-of-Service in Binutils objdump via Malformed DWARF Data
Publication date: 2026-03-06
Last updated on: 2026-03-20
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | binutils | 2.44 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Binutils objdump tool when it processes a specially crafted binary containing malformed DWARF debug_rnglists data. Due to a logic error in handling the debug_rnglists header, objdump can enter an unbounded logging loop where it repeatedly prints the same warning message and fails to terminate properly.
This issue was observed in binutils version 2.44 and can be triggered by a local attacker supplying a malicious input file.
How can this vulnerability impact me?
Exploitation of this vulnerability can cause excessive CPU and I/O usage on the affected system.
It results in a denial-of-service condition by preventing the objdump tool from completing its analysis, as the process gets stuck in an infinite logging loop until manually interrupted.
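A defensive wrapper for the behaviour described above, as an added example that is not part of the original page or of binutils: it runs a command under a wall-clock limit and an output cap, so a run stuck printing the same warning is cut off instead of consuming CPU and I/O until interrupted. The function names, the exit code 125, the limits and the file name in the usage comment are assumptions of this example.

```shell
# bounded_run SECS MAX_BYTES OUTFILE CMD [ARGS...]
# Runs CMD under a wall-clock limit and keeps at most MAX_BYTES of its
# combined stdout+stderr in OUTFILE.
# Exit status: 124 = time limit hit (set by timeout), 125 = output cap hit
# (a convention of this example), otherwise CMD's own status.
bounded_run() (
    secs=$1 max=$2 out=$3
    shift 3
    rcfile=$(mktemp) || exit 1
    {
        rc=0
        timeout -k 1 "$secs" "$@" 2>&1 || rc=$?
        echo "$rc" > "$rcfile"
    } | head -c "$((max + 1))" > "$out.tmp"
    # head stops reading after max+1 bytes, so a process that keeps logging
    # writes into a closed pipe and terminates instead of running on.
    rc=$(cat "$rcfile")
    rm -f "$rcfile"
    size=$(($(wc -c < "$out.tmp")))
    head -c "$max" "$out.tmp" > "$out"
    rm -f "$out.tmp"
    if [ "$size" -gt "$max" ]; then exit 125; fi
    exit "$rc"
)

# dominant_line_count FILE
# Prints how many times the most frequent line occurs in FILE (0 if empty).
# A capped log dominated by one repeated warning matches the symptom
# described for this CVE.
dominant_line_count() {
    sort "$1" | uniq -c | sort -rn | head -n 1 |
        awk 'NR == 1 { n = $1 } END { print n + 0 }'
}

# Usage (constructed file name; -W is objdump's DWARF dump option):
#   bounded_run 30 1048576 objdump.log objdump -W ./untrusted.bin
#   echo "status=$? repeats=$(dominant_line_count objdump.log)"
```

A status of 125 together with a high repeat count indicates the input should be quarantined rather than retried.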
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know