CVE-2026-3442
Last modified
CVE-2026-3442 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.
Metrics
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Binutils | All versions |
| Redhat | Openshift Container Platform | 4.0 |
| Redhat | Enterprise Linux | 6.0 |
| Redhat | Enterprise Linux | 7.0 |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux | 9.0 |
| Redhat | Enterprise Linux | 10.0 |
References
- https://access.redhat.com/security/cve/CVE-2026-3442Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2443828Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-3442?
How severe is CVE-2026-3442?
How do I fix CVE-2026-3442?
Are you affected by CVE-2026-3442?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST