CVE-2025-69652

Published: 3/6/2026 Last updated: 3/9/2026 Reserved: 1/9/2026

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.2	Medium	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Opam packages affected (3)

bap-std clangml conf-binutils

Products affected (1)

Product	Vendor	Version
n/a	n/a	< 6.0.6003.23070

References (4)

https://sourceware.org/bugzilla/show_bug.cgi?id=33701
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=44b79abd0fa12e7947252eb4c6e5d16ed6033e01
https://sourceware.org/bugzilla/show_bug.cgi?id=33701
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=44b79abd0fa12e7947252eb4c6e5d16ed6033e01