Msrc Cbl2 Binutils 2.37-20 On Cbl Mariner 2.0 vulnerabilities
16 known vulnerabilities affecting msrc/cbl2_binutils_2.37-20_on_cbl_mariner_2.0.
Total CVEs: 16
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 7, LOW 5
Vulnerabilities
CVE-2026-4746 | CRITICAL | CVSS 10.0 | 2026-03-10
CVE-2026-4746 [CRITICAL] CWE-787 Heap Buffer Over-Write Vulnerability in timeplus-io/proton
Mariner: Mariner
GovTech CSG: GovTech CSG
Customer Action Required: Yes
msrc
CVE-2025-69650 | HIGH | CVSS 7.8 | 2026-03-10
CVE-2025-69650 [HIGH] GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_s
msrc
CVE-2025-69648 | HIGH | CVSS 7.4 | 2026-03-10
CVE-2025-69648 [MEDIUM]
Mariner: Mariner
mitre: mitre
Customer Action Required: Yes
msrc
CVE-2025-69651 | HIGH | CVSS 7.1 | 2026-03-10
CVE-2025-69651 [MEDIUM] GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain
msrc
CVE-2025-69649 | MEDIUM | CVSS 5.5 | 2026-03-10
CVE-2025-69649 [HIGH] CWE-476 GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a
msrc
CVE-2025-69646 | MEDIUM | CVSS 5.5 | 2026-03-10
CVE-2025-69646 [MEDIUM] CWE-400 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail t
msrc
CVE-2025-69652 | MEDIUM | CVSS 6.2 | 2026-03-10
CVE-2025-69652 [MEDIUM] CWE-460 GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may
msrc
CVE-2025-69647 | MEDIUM | CVSS 6.2 | 2026-03-10
CVE-2025-69647 [MEDIUM]
Mariner: Mariner
mitre: mitre
Customer Action Required: Yes
msrc
CVE-2026-4647 | MEDIUM | CVSS 6.1 | 2026-03-10
CVE-2026-4647 [MEDIUM] CWE-125 Binutils: out-of-bounds read in XCOFF relocation processing in GNU Binutils BFD library
Mariner: Mariner
redhat: redhat
Customer Action Required: Yes
msrc
CVE-2025-69645 | MEDIUM | CVSS 5.5 | 2026-03-10
CVE-2025-69645 [MEDIUM] CWE-400 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_
msrc
CVE-2025-69644 | MEDIUM | CVSS 5.0 | 2026-03-10
CVE-2025-69644 [MEDIUM] CWE-400 An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unboun
msrc
CVE-2025-11839 | LOW | CVSS 3.3 | 2025-10-14
CVE-2025-11839 [MEDIUM] CWE-252 GNU Binutils prdbg.c tg_tag_type return value
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is compo
msrc
CVE-2025-1148 | LOW | CVSS 3.1 | 2025-02-11
CVE-2025-1148 [LOW] CWE-401 GNU Binutils ld ldelfgen.c link_order_scan memory leak
msrc
CVE-2025-1180 | LOW | CVSS 3.1 | 2025-02-11
CVE-2025-1180 [LOW] CWE-119 GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption
msrc
CVE-2025-1147 | LOW | CVSS 3.1 | 2025-02-11
CVE-2025-1147 [LOW] CWE-120 GNU Binutils nm nm.c internal_strlen buffer overflow
msrc
CVE-2025-1150 | LOW | CVSS 3.1 | 2025-02-11
CVE-2025-1150 [LOW] CWE-401 GNU Binutils ld libbfd.c bfd_malloc memory leak
msrc