CVE-2026-3442

🔶 medium

Summary

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.

CVSS Score

6.1

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2026-03-16

First Seen: 2026-03-17

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 38.8% of all 318,332 vulnerabilities in our database.

#194,738

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Mar 16, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-03-20

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

CWE IDs (Weakness Types)

CWE-125

📦 Affected Products 7

Vendor	Product	Status	Affected Versions
gnu	binutils	Affected	v-
redhat	enterprise_linux	Affected	v10.0
redhat	enterprise_linux	Affected	v6.0
redhat	enterprise_linux	Affected	v7.0
redhat	enterprise_linux	Affected	v8.0
redhat	enterprise_linux	Affected	v9.0
redhat	openshift_container_platform	Affected	v4.0

🔗 References 2

https://access.redhat.com/security/cve/CVE-2026-3442

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2443828

Issue Tracking Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-4647	🔶 medium	6.1	0.0	A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files...	2026-03-23
CVE-2026-3632	ℹ️ low	3.9	0.1	A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because ...	2026-03-17
CVE-2026-3633	ℹ️ low	3.9	0.0	A flaw was found in libsoup. A remote attacker, by controlling the method parameter of the `soup_message_new()` function...	2026-03-17
CVE-2026-3634	ℹ️ low	3.9	0.0	A flaw was found in libsoup. An attacker controlling the value used to set the Content-Type header can inject a Carriage...	2026-03-17
CVE-2026-4271	🔶 medium	5.3	1.0	A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs...	2026-03-17
CVE-2026-3441	🔶 medium	6.1	0.0	A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in t...	2026-03-16

These CVEs affect the same products