AZL-79574

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79574.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-79574

Upstream

CVE-2025-69651

Published

2026-03-06T18:16:16Z

Modified

2026-04-01T05:23:29.809130Z

Summary

CVE-2025-69651 affecting package binutils 2.41-10

Details

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dumprelocations returns early due to parsing errors, the internal allrelocations array may remain partially uninitialized. Later, processgotsectioncontents() may attempt to free an invalid rsymbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-69651

Affected packages

Azure Linux:3 / binutils

Package

Name: binutils
Purl: pkg:rpm/azure-linux/binutils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.41-10

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79574.json"