CVE-2025-69650 in Binutils

Summary

by MITRE • 03/06/2026

GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service. NOTE: this is disputed by third parties because the observed behavior occurred only in pre-release code and did not affect any tagged version.


Analysis

by VulDB Data Team • 03/19/2026

The vulnerability identified as CVE-2025-69650 resides within GNU Binutils version 2.46 and earlier, specifically within the readelf utility's handling of ELF binary files. This issue manifests as a double free condition that occurs during the processing of maliciously crafted ELF binaries containing malformed relocation data. The root cause lies in the improper initialization of data structures during the relocation processing phase, which creates a scenario where memory management functions receive invalid pointers leading to program termination. The vulnerability is classified under CWE-415 as a double free condition, representing a classic memory safety issue that can result in program instability and denial of service attacks.

The technical flaw occurs within the dump_relocations function where early return conditions prevent proper initialization of the all_relocations array. When process_got_section_contents() subsequently calls free() with an uninitialized r_symbol pointer, the system attempts to release memory that has already been freed or is in an invalid state. This memory management error follows a typical pattern where the same memory location is deallocated twice, causing the program to terminate with a SIGABRT signal. The ATT&CK framework categorizes this under privilege escalation and denial of service techniques as it leverages memory corruption vulnerabilities to disrupt system operations. The specific code path involves GOT (Global Offset Table) relocation handling where the malformed ELF data triggers unexpected control flow.
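The bug class described above (an early return that leaves per-entry pointers unset, followed by cleanup that frees every slot) is shown below as an added example with the hardened allocation in place. It is not Binutils source code: the struct layout, `load_relocs`, `free_relocs` and the sample names are hypothetical, and only the field name `r_symbol` is taken from the advisory text.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical record types; not the Binutils structures. */
struct reloc_entry { unsigned long r_offset; char *r_symbol; };
struct reloc_table { struct reloc_entry *entries; size_t count; };

/* Fill the table from constructed names. A NULL name stands in for malformed
   relocation data and forces the early return. Returns 0 or -1. */
int load_relocs(struct reloc_table *t, const char *const *names, size_t n)
{
    /* Vulnerable shape: malloc(n * sizeof *t->entries) leaves r_symbol
       indeterminate in every slot the loop never reaches.
       Hardened: calloc zero-fills, which reads as NULL on mainstream ABIs. */
    t->entries = calloc(n, sizeof *t->entries);
    t->count = t->entries ? n : 0;
    if (t->entries == NULL)
        return -1;
    for (size_t i = 0; i < n; i++) {
        if (names[i] == NULL)
            return -1;                  /* early return: slots i..n-1 stay NULL */
        t->entries[i].r_offset = i * 8;
        t->entries[i].r_symbol = malloc(strlen(names[i]) + 1);
        if (t->entries[i].r_symbol == NULL)
            return -1;
        strcpy(t->entries[i].r_symbol, names[i]);
    }
    return 0;
}

/* Cleanup walks every slot however loading ended; returns names released. */
size_t free_relocs(struct reloc_table *t)
{
    size_t freed = 0;
    for (size_t i = 0; i < t->count; i++) {
        freed += t->entries[i].r_symbol != NULL;
        free(t->entries[i].r_symbol);   /* free(NULL) is a no-op */
        t->entries[i].r_symbol = NULL;
    }
    free(t->entries);
    t->entries = NULL;                  /* a repeated cleanup call is harmless */
    t->count = 0;
    return freed;
}
```

With the `malloc` variant named in the comment, the same cleanup loop would hand indeterminate pointer values to `free()`, which is the abort condition the summary describes.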

The operational impact of this vulnerability is primarily limited to denial of service conditions rather than direct exploitation for code execution or memory corruption. Systems utilizing readelf to analyze ELF binaries become susceptible to crashes when processing specially crafted inputs, potentially disrupting automated build systems, security analysis tools, or binary inspection utilities. While no evidence suggests this vulnerability can be weaponized for arbitrary code execution, the reliability of security tools and development environments that depend on readelf functionality could be compromised. The vulnerability affects the broader ecosystem of software development and security analysis tools that rely on GNU Binutils for binary inspection and processing.

Mitigation strategies should focus on immediate patching of affected GNU Binutils versions to version 2.47 or later where the double free issue has been resolved. System administrators should implement input validation and sanitization measures when processing untrusted ELF binaries through readelf, particularly in automated environments. Organizations should consider deploying additional security controls such as sandboxing or containerization for binary analysis tasks to limit potential impact. Regular security updates and vulnerability assessments should be implemented to monitor for similar memory safety issues in other components of the software supply chain. The vulnerability highlights the importance of thorough testing and validation of memory management functions, particularly in security-critical utilities that process untrusted input data.

Responsible: MITRE
Reservation: 01/09/2026
Disclosure: 03/06/2026
Moderation: accepted
CPE: ready
EPSS: 0.00156
KEV: no
Activities: very low
