Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79589.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-79589
Upstream
Published
2026-03-06T19:16:10Z
Modified
2026-04-01T05:23:29.757753Z
Summary
CVE-2025-69652 affecting package binutils 2.37-20
Details

GNU Binutils through 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.

References

Affected packages

Azure Linux:2 / binutils

Package

Name
binutils
Purl
pkg:rpm/azure-linux/binutils

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
2.37-20

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79589.json"