CVE-2025-69648

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a non-terminating output loop that requires manual interruption. No evidence of memory corruption or code execution was observed.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sourceware.org/bugzilla/show_bug.cgi?id=33641	Exploit Third Party Advisory
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2bedd363357b5bf6fcee33	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-09 15:15

Updated : 2026-03-13 16:43

NVD link : CVE-2025-69648

Mitre link : CVE-2025-69648

CVE.ORG link : CVE-2025-69648

JSON object : View

Products Affected

gnu

binutils

CWE

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

{"id": "CVE-2025-69648", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.5}]}, "published": "2026-03-09T15:15:52.210", "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33641", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2bedd363357b5bf6fcee33", "tags": ["Patch"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a non-terminating output loop that requires manual interruption. No evidence of memory corruption or code execution was observed."}, {"lang": "es", "value": "GNU Binutils hasta la versi\u00f3n 2.45.1 readelf contiene una vulnerabilidad de denegaci\u00f3n de servicio al procesar un binario manipulado con datos DWARF .debug_rnglists malformados. Un fallo l\u00f3gico en la ruta de an\u00e1lisis DWARF provoca que readelf imprima repetidamente el mismo mensaje de advertencia sin avanzar, lo que resulta en un bucle de salida no terminante que requiere interrupci\u00f3n manual. No se observ\u00f3 evidencia de corrupci\u00f3n de memoria ni ejecuci\u00f3n de c\u00f3digo."}], "lastModified": "2026-03-13T16:43:41.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5636F25-118E-4BA7-9A62-6AFCC5CF7FC9", "versionEndIncluding": "2.45.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}