Description
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.
Published: 2026-03-06
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

GNU Binutils up to version 2.46 includes a defect in the readelf component that can cause an invalid pointer free when it processes a crafted ELF binary with malformed relocation or symbol data. The bug is triggered if the routine that dumps relocations terminates early due to parse errors, leaving the internal relocation array only partially initialized. Later, when the relocation processing routine attempts to free a symbol pointer that was never set, glibc detects an invalid free and aborts the program with SIGABRT. Only a crash is observed; no further memory corruption or code execution has been documented, so the impact is limited to service disruption.
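A simplified model of the pattern described above, added here as an example and not taken from binutils: an early return leaves trailing array slots unwritten, and the cleanup is safe only when the allocation is zeroed and the free loop is bounded by the number of slots actually written. The names `reloc_table`, `parse_relocs`, `stale_frees`, `free_relocs` and `demo_stale` are hypothetical, and the 0xA5 fill is a constructed stand-in for uninitialized heap contents.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified model of all_relocations / r_symbol; this is not binutils code. */
typedef struct { char *r_symbol; } reloc_t;
typedef struct { reloc_t *all; size_t cap, filled; } reloc_table;

/* A NULL name models malformed input. zeroed=0 is the weak allocation, 1 the fix. */
static int parse_relocs(reloc_table *t, const char *const *names, size_t n, int zeroed) {
    t->cap = t->filled = 0;
    t->all = zeroed ? calloc(n, sizeof *t->all) : malloc(n * sizeof *t->all);
    if (t->all == NULL) return -1;
    t->cap = n;
    if (!zeroed)  /* constructed stand-in for leftover heap contents */
        memset(t->all, 0xA5, n * sizeof *t->all);
    for (size_t i = 0; i < n; i++) {
        if (names[i] == NULL) return -1;  /* early return: slots i..n-1 never written */
        size_t len = strlen(names[i]) + 1;
        if ((t->all[i].r_symbol = malloc(len)) == NULL) return -1;
        memcpy(t->all[i].r_symbol, names[i], len);
        t->filled = i + 1;
    }
    return 0;
}

/* Unwritten slots that a cleanup loop over all cap entries would pass to free(). */
static size_t stale_frees(const reloc_table *t) {
    size_t bad = 0;
    for (size_t i = t->filled; i < t->cap; i++)
        bad += (t->all[i].r_symbol != NULL);
    return bad;
}

/* Hardened cleanup: release only the slots recorded as initialised. */
static void free_relocs(reloc_table *t) {
    for (size_t i = 0; i < t->filled; i++)
        free(t->all[i].r_symbol);
    free(t->all);
    *t = (reloc_table){0};
}

/* Runs one constructed malformed input (third name missing) through the model. */
static size_t demo_stale(int zeroed) {
    const char *names[] = { "sym_a", "sym_b", NULL, "sym_d" };
    reloc_table t;
    parse_relocs(&t, names, 4, zeroed);
    size_t stale = stale_frees(&t);
    free_relocs(&t);
    return stale;
}
```

With the weak allocation, two unwritten slots hold non-NULL garbage that a full-length cleanup loop would free; with the zeroed allocation there are none.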

Affected Systems

The affected product is GNU Binutils for all releases up to and including 2.46. The vulnerability is reported for the readelf utility in these releases; it is not present in any tagged release beyond 2.46 and was observed only in pre‑release code, so systems running newer stable releases are unaffected.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score is below 1%, showing a very low probability that the flaw will be widely exploited. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is local execution: an attacker who can run readelf on a malicious ELF file can trigger the crash. An attacker must be able to supply a crafted ELF file to the vulnerable binary, so exploitability is limited to environments that process untrusted binaries with readelf.

Generated by OpenCVE AI on May 1, 2026 at 05:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the patch committed in sourceware repository revision 81e90cf63a10ad11772c2437c8f2a88f1a00c739 or ea4bc025abdba85a90e26e13f551c16a44bfa92.
  • Upgrade to a Binutils release newer than 2.46 that incorporates the fix, such as version 2.47 or later.
  • If an upgrade is not immediately achievable, restrict use of the readelf utility to trusted binaries only and consider disabling it for untrusted input to prevent accidental crashes.



Advisories

No advisories yet.

History

Thu, 19 Mar 2026 13:00:00 +0000

Type Values Removed Values Added
Description
Values Removed: GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service.
Values Added: GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.
References

Tue, 10 Mar 2026 20:45:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*

Tue, 10 Mar 2026 03:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476
Metrics cvssV3_1

{'score': 2.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}


Mon, 09 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Gnu
Gnu binutils
Vendors & Products Gnu
Gnu binutils

Sat, 07 Mar 2026 12:15:00 +0000

Type Values Removed Values Added
Title binutils: Binutils: Denial of Service via crafted ELF binary processing
Weaknesses CWE-824
References
Metrics threat_severity

None

cvssV3_1

{'score': 2.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L'}

threat_severity

Low


Fri, 06 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Description GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-22T18:52:10.469Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-69651

Vulnrichment

Updated: 2026-03-10T02:41:37.766Z

NVD

Status: Modified

Published: 2026-03-06T18:16:16.633

Modified: 2026-03-19T13:16:05.183

Link: CVE-2025-69651

Redhat

Severity: Low

Public Date: 2026-03-06T00:00:00Z

Links: CVE-2025-69651 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-01T06:00:13Z