CVE-2025-69651: n/a
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.
AI Analysis
Technical Summary
CVE-2025-69651 describes a vulnerability in GNU Binutils readelf (up to version 2.46) where malformed ELF binaries with incorrect relocation or symbol data can cause an invalid pointer free. Specifically, if dump_relocations exits early due to parsing errors, the all_relocations array may be partially uninitialized. Later, process_got_section_contents() attempts to free an invalid r_symbol pointer, triggering memory corruption detection in glibc and causing the program to terminate with SIGABRT. The vulnerability results in denial of service but no confirmed memory corruption beyond the abort or code execution. The issue is disputed because it was only observed in pre-release code and not in any tagged release versions. No patch information is currently available.
Potential Impact
The vulnerability leads to a denial of service condition by causing readelf to abort when processing specially crafted ELF binaries. There is no confirmed impact on confidentiality or integrity, and no evidence of code execution or further memory corruption beyond the program termination. The denial of service is triggered by an invalid pointer free during ELF parsing.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vulnerability is disputed and reportedly only affects pre-release code, no immediate action may be required for tagged releases. Monitor vendor communications for any official fixes or updates.
CVE-2025-69651: n/a
Description
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.
CVSS v3.1
Score 5.5medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-69651 describes a vulnerability in GNU Binutils readelf (up to version 2.46) where malformed ELF binaries with incorrect relocation or symbol data can cause an invalid pointer free. Specifically, if dump_relocations exits early due to parsing errors, the all_relocations array may be partially uninitialized. Later, process_got_section_contents() attempts to free an invalid r_symbol pointer, triggering memory corruption detection in glibc and causing the program to terminate with SIGABRT. The vulnerability results in denial of service but no confirmed memory corruption beyond the abort or code execution. The issue is disputed because it was only observed in pre-release code and not in any tagged release versions. No patch information is currently available.
Potential Impact
The vulnerability leads to a denial of service condition by causing readelf to abort when processing specially crafted ELF binaries. There is no confirmed impact on confidentiality or integrity, and no evidence of code execution or further memory corruption beyond the program termination. The denial of service is triggered by an invalid pointer free during ELF parsing.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vulnerability is disputed and reportedly only affects pre-release code, no immediate action may be required for tagged releases. Monitor vendor communications for any official fixes or updates.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-01-09T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 69ab19e8c48b3f10ffbbf2ad
Added to database: 3/6/2026, 6:16:08 PM
Last enriched: 4/22/2026, 10:34:34 PM
Last updated: 6/5/2026, 6:09:55 PM
Views: 99
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.