CVE-2026-3442

🔶 medium

Summary

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.

CVSS Score

6.1

Medium

EPSS Score

0.0

Exploit Probability

Published Date

2026-03-16

First Seen: 2026-03-17

📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 38.8% of all 329,456 vulnerabilities in our database.

#201,538

Below average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: Mar 16, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Partial

Limited system impact

SSVC data provided by CISA

Last Modified 2026-03-20

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L

CWE IDs (Weakness Types)

CWE-125

📦 Affected Products 7

Vendor	Product	Status	Affected Versions
gnu	binutils	Affected	v-
redhat	enterprise_linux	Affected	v10.0
redhat	enterprise_linux	Affected	v6.0
redhat	enterprise_linux	Affected	v7.0
redhat	enterprise_linux	Affected	v8.0
redhat	enterprise_linux	Affected	v9.0
redhat	openshift_container_platform	Affected	v4.0

🔗 References 2

https://access.redhat.com/security/cve/CVE-2026-3442

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2443828

Issue Tracking Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-1764	🔶 medium	5.6	0.2	A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially craf...	2026-06-16
CVE-2026-1766	🔶 medium	5.6	0.2	A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracke...	2026-06-16
CVE-2026-1767	🔶 medium	5.6	0.2	A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` compo...	2026-06-16
CVE-2026-11785	🔶 medium	4.3	0.2	A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial st...	2026-06-09
CVE-2026-11786	ℹ️ low	1.9	0.2	A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute ...	2026-06-09
CVE-2026-11787	🔶 medium	5.0	0.2	A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without ...	2026-06-09

These CVEs affect the same products