CVE-2025-69645

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sourceware.org/bugzilla/show_bug.cgi?id=33637	Exploit Issue Tracking
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cdb728d4da6184631989b192f1022c219dea7677	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:binutils:2.44:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-06 18:16

Updated : 2026-03-20 17:08

NVD link : CVE-2025-69645

Mitre link : CVE-2025-69645

CVE.ORG link : CVE-2025-69645

JSON object : View

Products Affected

gnu

binutils

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2025-69645", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2026-03-06T18:16:16.367", "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33637", "tags": ["Exploit", "Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cdb728d4da6184631989b192f1022c219dea7677", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file."}, {"lang": "es", "value": "Binutils objdump contiene una vulnerabilidad de denegaci\u00f3n de servicio al procesar un binario manipulado con informaci\u00f3n de depuraci\u00f3n DWARF malformada. Un error l\u00f3gico en el manejo de las unidades de compilaci\u00f3n DWARF puede resultar en que se utilice un valor offset_size no v\u00e1lido dentro de byte_get_little_endian, lo que lleva a una interrupci\u00f3n (SIGABRT). El problema fue observado en binutils 2.44. Un atacante local puede desencadenar el fallo al proporcionar un archivo de entrada malicioso."}], "lastModified": "2026-03-20T17:08:38.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:2.44:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C0316B8-F6B0-46B1-BE93-DD52D7EC3357"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}