CVE-2025-69646

Name
CVE-2025-69646
Description
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
cve@mitre.org https://sourceware.org/bugzilla/show_bug.cgi?id=33638
cve@mitre.org https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2bedd363357b5bf6fcee33

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gnu:binutils:2.44:*:*:*:*:*:*:* binutils == None == 2.44

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
binutils edge-main 2.44-r4 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
binutils edge-main 2.44-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
binutils edge-main 2.44-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
binutils edge-main 2.44-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
binutils 3.22-main 2.44-r3 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
binutils 3.22-main 2.44-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
binutils 3.22-main 2.44-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable