6.2

CVE-2025-69652

Exploit

EPSS 0.02%
Veröffentlicht 06.03.2026 00:00:00
Zuletzt bearbeitet 11.03.2026 15:49:59
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnu ≫ Binutils Version <= 2.46

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.065

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.2	2.5	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-460 Improper Cleanup on Thrown Exception

The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.

https://sourceware.org/bugzilla/show_bug.cgi?id=33701

Third Party Advisory

Exploit

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=44b79abd0fa12e7947252eb4c6e5d16ed6033e01

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-69652

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-69652

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-69652

EUVD