CVE-2026-3442 MEDIUM

CVE-2026-3442: Binutils: gnu binutils: information disclosure or denial of service via out-of-bounds read in bfd linker

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-125
Published March 15, 2026
Last update May 6, 2026

CVSS base score

6.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

What the vulnerability does

01Description

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.

Key dates

02Disclosure timeline

March 15, 2026 CVE published
May 6, 2026 Record updated