CVE-2025-69652
Denial of Service in GNU Binutils readelf via Malformed DWARF Parsing
Publication date: 2026-03-06
Last updated on: 2026-03-11
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | binutils | to 2.46 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-460 | The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in GNU Binutils through version 2.46, specifically in the readelf tool. It occurs when readelf processes a specially crafted ELF binary containing malformed DWARF abbreviation or debug information. Due to incomplete cleanup of internal state in the function process_debug_info(), an invalid debug_info_p state can propagate into DWARF attribute parsing routines. When certain malformed attributes cause an unexpected data length of zero, the function byte_get_little_endian() triggers a fatal abort (SIGABRT), causing the program to terminate unexpectedly.
How can this vulnerability impact me? :
The impact of this vulnerability is limited to denial of service. When exploited, it causes the readelf tool to abort unexpectedly, which could disrupt processes relying on readelf to analyze ELF binaries. There is no evidence that this vulnerability leads to memory corruption or code execution.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know