CVE-2025-69645

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-69645
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://sourceware.org/bugzilla/show_bug.cgi?id=33637 Exploit Issue Tracking
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cdb728d4da6184631989b192f1022c219dea7677 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:binutils:2.44:*:*:*:*:*:*:*
History

20 Mar 2026, 17:08

Type Values Removed Values Added
First Time Gnu
Gnu binutils
References () https://sourceware.org/bugzilla/show_bug.cgi?id=33637 - () https://sourceware.org/bugzilla/show_bug.cgi?id=33637 - Exploit, Issue Tracking
References () https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cdb728d4da6184631989b192f1022c219dea7677 - () https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cdb728d4da6184631989b192f1022c219dea7677 - Third Party Advisory
CPE cpe:2.3:a:gnu:binutils:2.44:*:*:*:*:*:*:*

10 Mar 2026, 17:24

Type Values Removed Values Added
CWE CWE-400
Summary
  • (es) Binutils objdump contiene una vulnerabilidad de denegación de servicio al procesar un binario manipulado con información de depuración DWARF malformada. Un error lógico en el manejo de las unidades de compilación DWARF puede resultar en que se utilice un valor offset_size no válido dentro de byte_get_little_endian, lo que lleva a una interrupción (SIGABRT). El problema fue observado en binutils 2.44. Un atacante local puede desencadenar el fallo al proporcionar un archivo de entrada malicioso.
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.5

06 Mar 2026, 18:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-03-06 18:16

Updated : 2026-03-20 17:08

NVD link : CVE-2025-69645

Mitre link : CVE-2025-69645

CVE.ORG link : CVE-2025-69645

JSON object : View

Products Affected

gnu

  • binutils
CWE
CWE-400

Uncontrolled Resource Consumption