How to fix CVE-2025-69644?

Within 30 days: Identify affected systems running Binutils and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Is Binutils affected by CVE-2025-69644?

Organizations using Binutils should be aware of moderate risk from CVE-2025-69644, a resource exhaustion vulnerability rated CVSS 5.0. Service availability could be impacted. A patch is available and should be applied during regular vulnerability management.

CVE-2025-69644

MEDIUM

2026-03-06 [email protected]

5.0

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:06 vuln.today

Patch Released

Mar 10, 2026 - 20:42 nvd

Patch available

CVE Published

Mar 06, 2026 - 18:16 nvd

MEDIUM 5.0

Description

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.

Analysis

An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. [CVSS 5.0 MEDIUM]

Technical Context

Classified as CWE-400 (Uncontrolled Resource Consumption). Affects Binutils. An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.

Affected Products

Vendor: Gnu. Product: Binutils. Versions: up to 2.46..

Remediation

A vendor patch is available — apply it immediately.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +25

POC: 0

Vendor Status

CVE-2025-69644 vulnerability details – vuln.today

Back

CVE-2025-69644

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

CVE-2025-69644

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Share

External POC / Exploit Code