Description

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.

INFO

Published Date :

2026-03-06T00:00:00.000Z

Last Modified :

2026-04-22T18:52:10.469Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-69651 vulnerability.

Vendors Products
Gnu
  • Binutils
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69651.

URL Resource
https://nvd.nist.gov/vuln/detail/CVE-2025-69651 cve-icon
https://sourceware.org/bugzilla/show_bug.cgi?id=33698 cve-icon cve-icon
https://sourceware.org/bugzilla/show_bug.cgi?id=33700 cve-icon cve-icon cve-icon
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=81e90cf63a10ad11772c2437c8f2a88f1a00c739 cve-icon cve-icon
https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=ea4bc025abdba85a90e26e13f551c16a44bfa92 cve-icon cve-icon
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea4bc025abdba85a90e26e13f551c16a44bfa921 cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-69651 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact