Unrated severity · NVD Advisory · Published Mar 6, 2026 · Updated Mar 19, 2026
CVE-2025-69650
Description
readelf in GNU Binutils through 2.46 contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.
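The pattern in the description (a producer that returns early without initializing its output array, followed by cleanup that passes each r_symbol to free()) is shown below in hardened form. This is an added example and a simplified model, not binutils source: collect_relocs, release_relocs, reloc_entry and the 8-byte record layout are hypothetical names and constructed data.

```c
/* Simplified model of the bug class, not binutils source. reloc_entry,
   collect_relocs, release_relocs and the 8-byte records are constructed. */
#include <stdlib.h>
#include <string.h>

typedef struct { char *r_symbol; } reloc_entry;

/* Producer: parses fixed 8-byte records into a heap-allocated array. */
static int collect_relocs(const unsigned char *data, size_t len,
                          reloc_entry **out, size_t *count)
{
    /* Hardening 1: define the outputs before any early return, so the
       caller never reads indeterminate values on the malformed path. */
    *out = NULL; *count = 0;
    if (data == NULL || len == 0 || len % 8 != 0)
        return 0;                      /* malformed: outputs already safe */
    /* Hardening 2: calloc zero-fills, so every r_symbol starts as NULL. */
    reloc_entry *arr = calloc(len / 8, sizeof *arr);
    if (arr == NULL) return 0;
    for (size_t i = 0; i < len / 8; i++) {
        arr[i].r_symbol = malloc(9);
        if (arr[i].r_symbol == NULL) break;   /* later entries stay NULL */
        memcpy(arr[i].r_symbol, data + i * 8, 8);
        arr[i].r_symbol[8] = '\0';
    }
    *out = arr; *count = len / 8;
    return 1;
}

/* Consumer cleanup: free(NULL) is a no-op, and clearing the caller's
   pointer and count makes a repeated call harmless. */
static void release_relocs(reloc_entry **arr, size_t *count)
{
    if (*arr != NULL)
        for (size_t i = 0; i < *count; i++)
            free((*arr)[i].r_symbol);
    free(*arr);
    *arr = NULL; *count = 0;
}

int main(void)
{
    reloc_entry *r; size_t n;          /* left uninitialized on purpose */
    int ok = collect_relocs((const unsigned char *)"short", 5, &r, &n);
    release_relocs(&r, &n);            /* safe on the early-return path */
    return ok;                         /* 0: malformed input was rejected */
}
```

Without the two hardening steps, the cleanup loop would run over whatever values the caller's variables happened to hold after the early return, which is the failure the description attributes to process_got_section_contents().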
Affected products
osv-coords: 8 versions
- pkg:apk/chainguard/binutils (no CPE), range: < 2.46-r0
- pkg:apk/chainguard/binutils-dev (no CPE), range: < 2.46-r0
- pkg:apk/chainguard/binutils-doc (no CPE), range: < 2.46-r0
- pkg:apk/chainguard/binutils-gold (no CPE), range: < 2.46-r0
- pkg:apk/wolfi/binutils (no CPE), range: < 2.46-r0
- pkg:apk/wolfi/binutils-dev (no CPE), range: < 2.46-r0
- pkg:apk/wolfi/binutils-doc (no CPE), range: < 2.46-r0
- pkg:apk/wolfi/binutils-gold (no CPE), range: < 2.46-r0