CVE-2025-69650
Received Received - Intake
Double Free Vulnerability in GNU Binutils readelf Causes DoS

Publication date: 2026-03-06

Last updated on: 2026-03-19

Assigner: MITRE

Description
GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-06
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69650
EUVD
EUVD-2025-208346
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gnu binutils to 2.46 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-415 The product calls free() twice on the same memory address.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in GNU Binutils through version 2.46, specifically in the readelf tool. It involves a double free error when processing a specially crafted ELF binary that contains malformed relocation data. During the handling of GOT relocations, a function may return early without properly initializing an array, which leads to another function passing an uninitialized pointer to free(). This causes the program to attempt to free the same memory twice, resulting in the program terminating unexpectedly with a SIGABRT signal.

Impact Analysis

The impact of this vulnerability is limited to denial of service. When triggered, the affected program (readelf) will terminate unexpectedly due to the double free error. There is no evidence that this vulnerability can be exploited to achieve memory corruption or code execution.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69650. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart