CVE-2025-69652

Severity: Medium (CVSS 3.1 base score 6.2)
EPSS: 6.9%
Published: Mar 6, 2026
Last Modified: Jun 17, 2026

Description

GNU Binutils through 2.46: readelf aborts (SIGABRT) when processing a crafted ELF binary whose DWARF abbreviation (.debug_abbrev) or .debug_info data is malformed. Because of incomplete state cleanup in process_debug_info(), an invalid debug_info_p state can propagate into the DWARF attribute-parsing routines; when a malformed attribute then yields an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No memory corruption or code execution was observed; the impact is limited to denial of service of the readelf process. Since the attack vector is local (a user or pipeline must run readelf on the crafted file), the practical exposure is any automation that runs readelf over untrusted ELF input, such as build systems, CI checks or malware-analysis tooling, which a single crafted file can crash.
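The description above names the mechanism but not its shape. The following is an added illustration written for this page; it is not binutils code and it does not parse real DWARF. It contrasts a field reader that aborts on an unexpected width (the behaviour the description attributes to byte_get_little_endian() when a malformed attribute yields a length of zero) with a checked reader and a caller that validates the width and the remaining buffer before any byte is read and reports a bad record instead of crashing. The record stream format (1-byte width followed by that many little-endian value bytes), the sample inputs and the function names are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sketch of the failure mode, not code from binutils: a
 * little-endian field reader that handles only the widths it was written
 * for and aborts on anything else.  Handing it a width of 0, as the
 * advisory says a malformed attribute can, turns a bad input into SIGABRT. */
static uint64_t field_get_le_abort(const unsigned char *p, unsigned size)
{
    if (size != 1 && size != 2 && size != 4 && size != 8) {
        fprintf(stderr, "Unhandled data length: %u\n", size);
        abort();                     /* SIGABRT: the denial of service */
    }
    uint64_t v = 0;
    for (unsigned i = 0; i < size; i++)
        v |= (uint64_t)p[i] << (8 * i);
    return v;
}

/* Hardened reader: width and remaining buffer are checked before any byte
 * is touched, and a malformed record is reported to the caller rather than
 * taking the whole tool down.  Returns 0 on success, -1 on an unsupported
 * width (0 included) or a read that would run past 'end'. */
static int field_get_le_checked(const unsigned char *p, const unsigned char *end,
                                unsigned size, uint64_t *out)
{
    if (size != 1 && size != 2 && size != 4 && size != 8)
        return -1;
    if (p > end || (size_t)(end - p) < size)
        return -1;                   /* truncated input */
    uint64_t v = 0;
    for (unsigned i = 0; i < size; i++)
        v |= (uint64_t)p[i] << (8 * i);
    *out = v;
    return 0;
}

/* Constructed record stream (not DWARF): each record is a 1-byte width
 * followed by that many little-endian value bytes.  Parses up to 'max'
 * records into 'values'; returns the count, or -1 at the first record whose
 * width is unsupported or which is cut short.  This is the caller-side
 * discipline: never let an unvalidated width reach the raw reader. */
int parse_records(const unsigned char *buf, size_t len, uint64_t *values, int max)
{
    const unsigned char *p = buf, *end = buf + len;
    int n = 0;
    while (p < end && n < max) {
        unsigned width = *p++;
        if (field_get_le_checked(p, end, width, &values[n]) != 0)
            return -1;
        p += width;
        n++;
    }
    return n;
}

int main(int argc, char **argv)
{
    /* Constructed sample streams: a well-formed one and one whose second
     * record carries a width of 0. */
    static const unsigned char good[] = {
        1, 0x2a,                     /* width 1: 42        */
        2, 0x34, 0x12,               /* width 2: 0x1234    */
        4, 0x78, 0x56, 0x34, 0x12    /* width 4: 0x12345678 */
    };
    static const unsigned char bad[] = { 1, 0x2a, 0, 2, 0x34, 0x12 };
    uint64_t v[8];

    int n = parse_records(good, sizeof good, v, 8);
    printf("good stream: %d records", n);
    for (int i = 0; i < n; i++)
        printf(" 0x%llx", (unsigned long long)v[i]);
    printf("\n");
    printf("bad stream: parse_records -> %d (rejected, no abort)\n",
           parse_records(bad, sizeof bad, v, 8));

    /* Pass --abort to see the crash shape the advisory describes:
     * the unchecked reader receives width 0 and calls abort(). */
    if (argc > 1 && strcmp(argv[1], "--abort") == 0)
        field_get_le_abort(bad + 3, 0);
    return 0;
}
```

Run without arguments to see both streams handled; run with `--abort` to observe the SIGABRT path (exit status 134 under most shells), which is the signal a crash-triage harness should key on when fuzzing readelf-style parsers.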

CVSS Details

Base Score
6.2
Exploitability
2.5
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS exploit probability: 6.9%
Exploit status: public exploit known (the sourceware Bugzilla entry under References is tagged as the exploit reference)
Patch status: available

Weaknesses 1

CWE-460: Improper Cleanup on Thrown Exception (the incomplete state cleanup in process_debug_info() described above)

Affected Products 1

Vendor  Product   Version  Range
gnu     binutils  *        ≤ 2.46

References 2

  • sourceware.org https://sourceware.org/bugzilla/show_bug.cgi?id=33701
    Exploit, Third Party Advisory
  • sourceware.org https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01
    Patch

Remediation

  • sourceware.org https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01
    Patch

Apply the referenced commit or upgrade to a binutils release that includes it. Until then, any pipeline that runs readelf on untrusted ELF files should treat a SIGABRT from readelf as an expected failure of that one input (run it under a timeout and in isolation, and do not let the crash take down the surrounding job).