CVE-2025-69644

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.

CVSS v3 5.0 MEDIUM

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.3 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sourceware.org/bugzilla/show_bug.cgi?id=33639	Issue Tracking
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=455446bbdc8675f34808187de2bbad4682016ff7	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-06 18:16

Updated : 2026-03-10 20:42

NVD link : CVE-2025-69644

Mitre link : CVE-2025-69644

CVE.ORG link : CVE-2025-69644

JSON object : View

Products Affected

gnu

binutils

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2025-69644", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.3}]}, "published": "2026-03-06T18:16:16.223", "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33639", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=455446bbdc8675f34808187de2bbad4682016ff7", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Binutils antes de 2.46. El objdump contiene una vulnerabilidad de denegaci\u00f3n de servicio al procesar un binario manipulado con informaci\u00f3n de depuraci\u00f3n malformada. Un fallo l\u00f3gico en el manejo de los encabezados de lista de ubicaciones DWARF puede hacer que objdump entre en un bucle ilimitado y produzca una salida interminable hasta que se interrumpe manualmente. Este problema afecta a versiones anteriores a la correcci\u00f3n ascendente y permite a un atacante local causar un consumo excesivo de recursos al suministrar un archivo de entrada malicioso."}], "lastModified": "2026-03-10T20:42:09.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8911BD76-7203-4D0C-A777-AF0630022686", "versionEndExcluding": "2.46"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}