Microsoft Security Response Center Blog Alerts - Network Services Group

CVE-2025-69646 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.

Published March 11, 2026

Information published.

CVE-2026-29786 node-tar: Hardlink Path Traversal via Drive-Relative Linkpath

Published March 11, 2026

Information published.

CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds

Published March 11, 2026

Information published.

CVE-2024-14027 xattr: switch to CLASS(fd)

Published March 11, 2026

Information published.

CVE-2026-27139 FileInfo can escape from a Root in os

Published March 11, 2026

Information published.

CVE-2026-26018 CoreDNS Loop Detection Denial of Service Vulnerability

Published March 11, 2026

Information published.

CVE-2026-26017 CoreDNS ACL Bypass

Published March 11, 2026

Information published.

CVE-2026-26127 .NET Denial of Service Vulnerability

Published March 11, 2026

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.

CVE-2025-69651 GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service.

Published March 11, 2026

Information published.

CVE-2025-69649 GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed.

Published March 11, 2026

Information published.

Privacy | General Terms & Conditions | Speed Test | Image Share | ASN

We use cookies to improve your experience. By continuing to use our site, you accept our use of cookies, revised Privacy Policy and Terms of Use.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.