CVE-2025-69644

Severity: 5.0 MEDIUM
EPSS: 0.0% (top 99.70%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Mar 6
Latest update: Mar 10

Description

An issue was discovered in Binutils before 2.46. The objdump utility contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.3 | Impact: 3.6

Affected Packages: 1 package

NVD: gnu/binutils < 2.46

Patches

🔴 Vulnerability Details (3)

OSV
CVE-2025-69644: An issue was discovered in Binutils before 2... (2026-03-06)
GHSA
GHSA-6j8w-mcjj-7669: An issue was discovered in Binutils before 2... (2026-03-06)
CVEList
CVE-2025-69644: An issue was discovered in Binutils before 2... (2026-03-06)

📋 Vendor Advisories (3)

Microsoft
An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling... (2026-03-10)
Red Hat
binutils: Binutils: Denial of Service via crafted binary with malformed DWARF debug information (2026-03-06)
Debian
CVE-2025-69644: binutils - An issue was discovered in Binutils before 2.46. The objdump contains a denial-o... (2025)

🕵️ Threat Intelligence (1)

Wiz
CVE-2025-69644 Impact, Exploitability, and Mitigation Steps | Wiz

💬 Community (1)

Bugzilla
CVE-2025-69644 mingw-binutils: Binutils: Denial of Service via crafted binary with malformed DWARF debug information [fedora-all] (2026-03-06)