8109 matches found
SUSE CVE-2025-69648
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debugrnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a...
SUSE CVE-2025-69652
GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file.
...
Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis.
...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in AuthorizeDebugRequest function, which handles requests to the HTTP debug endpoints on port 15014. An attacker can gain unauthorized access to protected services by sending requests with multiple header values...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in AuthorizeDebugRequest function, which handles requests to the HTTP debug endpoints on port 15014. An attacker can gain unauthorized access to protected services by sending requests with multiple header values...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in AuthorizeDebugRequest function, which handles requests to the HTTP debug endpoints on port 15014. An attacker can gain unauthorized access to protected services by sending requests with multiple header values...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in AuthorizeDebugRequest function, which handles requests to the HTTP debug endpoints on port 15014. An attacker can gain unauthorized access to protected services by sending requests with multiple header values...
CVE-2026-31838 Istio HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preventing cross-namespace proxy data access.
Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may contain multiple values. An attacker could craft requests...
CVE-2026-31838 Istio HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preventing cross-namespace proxy data access.
Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when policies rely on HTTP headers that may contain multiple values. An attacker could craft requests...
CVE-2025-69648
A flaw was found in binutils. Processing a specially crafted ELF binary file containing malformed DWARF .debugrnglists data with the readelf program can trigger an infinite loop and result in a denial of service. Mitigation To mitigate this vulnerability, do not process untrusted, unverified or...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the debugrnglists function. An attacker can cause the application to enter a non-terminating output loop by supplying a crafted binary with malformed DWARF, resulting in repeated warning messages and requiring manual...
EUVD-2025-208414
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debugrnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a...
CVE-2025-69648
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debugrnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a...
CVE-2025-69648
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debugrnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a...
UBUNTU-CVE-2025-69648
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debugrnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a...
CVE-2025-69648
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debugrnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a...
CVE-2025-69648
CVE-2025-69648 affects GNU Binutils up to 2.45.1 in readelf, where a logic flaw in the DWARF parser for .debug_rnglists data causes repeated warning messages to loop without progress. The issue is a denial-of-service-like condition due to non-terminating output, with no evidence of memory corrupt...
PT-2026-24066
Name of the Vulnerable Software and Affected Versions GNU Binutils versions through 2.45.1 Description GNU Binutils’ readelf utility is susceptible to a denial-of-service condition when processing a specially crafted binary file containing malformed DWARF .debug rnglists data. A flaw in the DWARF...
Linux Distros Unpatched Vulnerability : CVE-2025-69648
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debugrnglists data. A logic...