AZL-79598

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79598.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-79598

Upstream

CVE-2025-69644

Published

2026-03-06T18:16:16Z

Modified

2026-04-01T05:23:29.768251Z

Summary

CVE-2025-69644 affecting package binutils 2.37-20

Details

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-69644

Affected packages

Azure Linux:2 / binutils

Package

Name: binutils
Purl: pkg:rpm/azure-linux/binutils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.37-20

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79598.json"