CVE-2026-3994
Heap-Based Buffer Overflow in rui314 mold Object File Handler
Publication date: 2026-03-12
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rui314 | mold | up to 2.40.4 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3994 is a heap-based buffer overflow vulnerability found in the rui314 mold linker, specifically in the function mold::ObjectFile<mold::X86_64>::initialize_sections within the source file src/input-files.cc. The vulnerability occurs when the function improperly handles or indexes internal vectors or arrays of unique pointers managing object file sections, leading to out-of-bounds memory access beyond allocated heap buffers.
This overflow happens during the processing of specially crafted object files, causing invalid memory reads and potentially crashes. The issue requires local access to exploit and is reproducible on Linux x86_64 systems when mold is built with Clang in Release mode with AddressSanitizer enabled.
The vulnerability can be triggered by manipulating input files to mold, causing heap buffer overflows during object file section initialization and symbol resolution, which may lead to crashes or undefined behavior.
How can this vulnerability impact me?
This vulnerability can impact you by allowing a local attacker to cause a crash of the mold linker process, leading to denial of service.
Because the heap-based buffer overflow may allow out-of-bounds memory access, it could potentially be exploited to execute arbitrary code, compromising the confidentiality, integrity, and availability of the affected system.
Exploitation requires local access and supplying a maliciously crafted object file to mold, which could disrupt software build processes or introduce security risks during linking.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by running the mold linker with a specially crafted input file that triggers the heap-based buffer overflow during the section initialization process.
Using AddressSanitizer (ASan) enabled builds of mold on Linux x86_64 systems with Clang in Release mode can help detect the out-of-bounds read and heap overflow issues.
A practical detection method is to execute mold with a crafted object file that triggers the overflow, which will cause a crash or ASan report indicating the heap-buffer-overflow.
No specific network detection commands are applicable since the attack requires local execution.
Example command to reproduce the crash (assuming you have a crafted input file named 'exploit.o'):
- `clang -fsanitize=address -O2 -o mold mold_source_files...` # Build mold with ASan
- `./mold exploit.o` # Run mold with the crafted object file to trigger detection
What immediate steps should I take to mitigate this vulnerability?
Currently, there are no known patches or countermeasures available for this vulnerability as the project has not responded or provided a fix.
Immediate mitigation steps include avoiding the use of affected versions of mold (up to 2.40.4) until a fix is released.
Consider using alternative linker tools that do not have this vulnerability.
Restrict local access to systems running mold to trusted users only, since exploitation requires a local attack vector.
Monitor for any suspicious local activity involving mold executions with untrusted or crafted object files.