AZL-79583

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79583.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-79583

Upstream

CVE-2025-69646

Published

2026-03-06T18:16:16Z

Modified

2026-04-21T04:34:47.114382Z

Summary

CVE-2025-69646 affecting package binutils 2.37-20

Details

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debugrnglists data. A logic error in the handling of the debugrnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-69646

Affected packages

Azure Linux:2 / binutils

Package

Name: binutils
Purl: pkg:rpm/azure-linux/binutils

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

2.37-20

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79583.json"