{"id":"AZL-79574","summary":"CVE-2025-69651 affecting package binutils 2.41-10","details":"GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an invalid pointer free when processing a crafted ELF binary with malformed relocation or symbol data. If dump_relocations returns early due to parsing errors, the internal all_relocations array may remain partially uninitialized. Later, process_got_section_contents() may attempt to free an invalid r_symbol pointer, triggering memory corruption checks in glibc and causing the program to terminate with SIGABRT. No evidence of further memory corruption or code execution was observed; the impact is limited to denial of service.","modified":"2026-04-01T05:23:29.809130Z","published":"2026-03-06T18:16:16Z","upstream":["CVE-2025-69651"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69651"}],"affected":[{"package":{"name":"binutils","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/binutils"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"2.41-10"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79574.json"}}],"schema_version":"1.7.5"}