Microsoft Security Response Center Blog Alerts - Network Services Group - Page 47

CVE-2025-69645 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.

Published March 11, 2026

Information published.

CVE-2025-69652 GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service.

Published March 11, 2026

Information published.

CVE-2025-69650 GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service.

Published March 11, 2026

Information published.

CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow

Published March 11, 2026

Information published.

CVE-2026-27137 Incorrect enforcement of email constraints in crypto/x509

Published March 11, 2026

Information published.

CVE-2026-27138 Panic in name constraint checking for malformed certificates in crypto/x509

Published March 11, 2026

Information published.

CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template

Published March 11, 2026

Information published.

CVE-2025-69644 An issue was discovered in Binutils before 2.46. The objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed debug information. A logic flaw in the handling of DWARF location list headers can cause objdump to enter an unbounded loop and produce endless output until manually interrupted. This issue affects versions prior to the upstream fix and allows a local attacker to cause excessive resource consumption by supplying a malicious input file.

Published March 11, 2026

Information published.

CVE-2025-14524 bearer token leak on cross-protocol redirect

Published March 10, 2026

Information published.

CVE-2026-3494 MariaDB Server Audit Plugin Comment Handling Bypass

Published March 10, 2026

Information published.

Privacy | General Terms & Conditions | Speed Test | Image Share | ASN

We use cookies to improve your experience. By continuing to use our site, you accept our use of cookies, revised Privacy Policy and Terms of Use.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.