CVE-2026-3441 | THREATINT

Description

A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an application level denial of service.

PUBLISHED Reserved 2026-03-02 | Published 2026-03-15 | Updated 2026-04-28 | Assigner redhat

MEDIUM: 6.1CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

Problem types

Out-of-bounds Read

Product status

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

unaffected

Timeline

2026-03-02:	Reported to Red Hat.
2026-03-02:	Made public.

References

access.redhat.com/security/cve/CVE-2026-3441 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2443826 (RHBZ#2443826) issue-tracking

cve.org (CVE-2026-3441)

nvd.nist.gov (CVE-2026-3441)

Download JSON