CVE-2026-3442
Modified
Modified - Updated After Analysis
Heap-Based Buffer Overflow in GNU Binutils bfd Linker Causes DoS
Vulnerability report for CVE-2026-3442, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-03-16
Last updated on: 2026-06-30
Assigner: Red Hat, Inc.
Description
Description
A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 7.0 |
| redhat | enterprise_linux | 6.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | openshift_container_platform | 4.0 |
| redhat | enterprise_linux | 9.0 |
| gnu | binutils | * |
| redhat | enterprise_linux | 10.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |