{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "2.46" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "49d4d3fafa4ec4ff5a3460d91d5b1ed5286487db" } ], "repo": "https://sourceware.org/git/binutils-gdb.git", "type": "GIT" } ] } ], "details": "GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.", "id": "CVE-2025-69650", "modified": "2026-04-01T23:09:11.426157489Z", "published": "2026-03-06T19:16:10.773Z", "references": [ { "type": "WEB", "url": "https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=81e90cf63a10ad11772c2437c8f2a88f1a00c739" }, { "type": "WEB", "url": "https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=ea4bc025abdba85a90e26e13f551c16a44bfa92" }, { "type": "REPORT", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33700" }, { "type": "FIX", "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ea4bc025abdba85a90e26e13f551c16a44bfa921" }, { "type": "EVIDENCE", "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33698" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }