CVE-2025-69649
Null Pointer Dereference in GNU Binutils readelf Causes Crash
Publication date: 2026-03-06
Last updated on: 2026-03-11
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | binutils | to 2.46 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GNU Binutils through version 2.46, specifically in the readelf tool. It involves a null pointer dereference when processing a specially crafted ELF binary that has malformed header fields.
During the relocation processing phase, an invalid or null section pointer may be passed into the display_relocations() function, which causes a segmentation fault (SIGSEGV) and abrupt termination of the program.
There is no evidence that this vulnerability leads to memory corruption beyond the null pointer dereference, nor does it allow for code execution.
How can this vulnerability impact me? :
The primary impact of this vulnerability is that the readelf tool may crash unexpectedly when processing a maliciously crafted ELF binary.
This results in a denial of service condition where the tool terminates abruptly due to a segmentation fault.
Since there is no evidence of memory corruption or code execution, the risk of further exploitation is minimal.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know