Description

GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.

INFO

Published Date :

2026-03-06T00:00:00.000Z

Last Modified :

2026-03-19T12:36:40.056Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-69650 vulnerability.

Vendors Products
Gnu
  • Binutils
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69650.

URL Resource
https://nvd.nist.gov/vuln/detail/CVE-2025-69650 cve-icon
https://sourceware.org/bugzilla/show_bug.cgi?id=33698 cve-icon cve-icon cve-icon cve-icon
https://sourceware.org/bugzilla/show_bug.cgi?id=33700 cve-icon cve-icon
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=81e90cf63a10ad11772c2437c8f2a88f1a00c739 cve-icon cve-icon
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=ea4bc025abdba85a90e26e13f551c16a44bfa92 cve-icon cve-icon
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea4bc025abdba85a90e26e13f551c16a44bfa921 cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-69650 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact