CVE-2026-3442 | THREATINT

Description

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.

PUBLISHED Reserved 2026-03-02 | Published 2026-03-15 | Updated 2026-04-28 | Assigner redhat

MEDIUM: 6.1CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

Problem types

Out-of-bounds Read

Product status

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

unaffected

Default status

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

unaffected

Timeline

2026-03-02:	Reported to Red Hat.
2026-03-02:	Made public.

References

access.redhat.com/security/cve/CVE-2026-3442 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2443828 (RHBZ#2443828) issue-tracking

cve.org (CVE-2026-3442)

nvd.nist.gov (CVE-2026-3442)

Download JSON