
Description

A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory condition. The other, a null pointer dereference (CWE-476), can cause a segmentation fault. Both issues can result in the `readelf` utility becoming unresponsive or crashing, leading to a denial of service.

PUBLISHED Reserved 2026-04-22 | Published 2026-04-22 | Updated 2026-04-23 | Assigner redhat




MEDIUM: 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Problem types

Uncontrolled Resource Consumption

Product status

Default status
affected

Timeline

2026-04-13: Reported to Red Hat.
2026-04-13: Made public.

Credits

Red Hat would like to thank samuel kariri kamau for reporting this issue.

References

access.redhat.com/security/cve/CVE-2026-6844 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2460016 (RHBZ#2460016) issue-tracking

cve.org (CVE-2026-6844)

nvd.nist.gov (CVE-2026-6844)
