{"id":"AZL-79562","summary":"CVE-2025-69650 affecting package binutils 2.41-10","details":"GNU Binutils thru 2.46 readelf contains a double free vulnerability when processing a crafted ELF binary with malformed relocation data. During GOT relocation handling, dump_relocations may return early without initializing the all_relocations array. As a result, process_got_section_contents() may pass an uninitialized r_symbol pointer to free(), leading to a double free and terminating the program with SIGABRT. No evidence of exploitable memory corruption or code execution was observed; the impact is limited to denial of service.","modified":"2026-04-21T04:34:47.043209Z","published":"2026-03-06T19:16:10Z","upstream":["CVE-2025-69650"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-69650"}],"affected":[{"package":{"name":"binutils","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/binutils"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"2.41-10"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-79562.json"}}],"schema_version":"1.7.5"}