Skip to main content

GNU Binutils EUVDEUVD-2026-12196

| CVE-2026-3442 HIGH
Out-of-bounds Read (CWE-125)
2026-03-15 redhat
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
vuln.today AI
6.1 MEDIUM

Local file parsing with required user interaction (AV:L/UI:R, PR:N); reliable crash gives A:H, but disclosure is only possible so confidentiality assessed C:L rather than H.

3.1 AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
Ubuntu
MEDIUM
qualitative
SUSE
6.1 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
Red Hat
6.1 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

9
Analysis Updated
Jun 30, 2026 - 15:34 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 30, 2026 - 15:34 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 30, 2026 - 15:22 vuln.today
cvss_changed
Severity Changed
Jun 30, 2026 - 15:22 NVD
MEDIUM HIGH
CVSS changed
Jun 30, 2026 - 15:22 NVD
6.1 (MEDIUM) 7.1 (HIGH)
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 01:00 euvd
EUVD-2026-12196
Analysis Generated
Mar 15, 2026 - 01:00 vuln.today
CVE Published
Mar 15, 2026 - 00:19 nvd
MEDIUM 6.1

DescriptionNVD

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.

AnalysisAI

Out-of-bounds heap read in the BFD linker (ld) component of GNU Binutils allows information disclosure or an application-level crash when a victim is induced to process a crafted XCOFF object file. Affected across Red Hat Enterprise Linux 6 through 10 (and OpenShift Container Platform 4), exploitation requires user interaction and local file processing - there is no public exploit identified at time of analysis, and the EPSS probability is negligible (0.01%, 2nd percentile).

Technical ContextAI

GNU Binutils provides the BFD (Binary File Descriptor) library that underpins the GNU linker (ld), assembler, and object-file tooling. The flaw is in BFD's parser for XCOFF - the eXtended Common Object File Format used historically on IBM AIX/PowerPC - where malformed structure or section/symbol-table fields are trusted without adequate bounds checking. The root cause class is CWE-125 (Out-of-bounds Read): the linker reads memory beyond the bounds of a heap-allocated buffer while parsing attacker-controlled object metadata, which can leak adjacent heap contents into output/diagnostics or dereference invalid memory and abort. Per the supplied CPE data the affected vendor packaging is Red Hat Enterprise Linux 6/7/8/10 (cpe:2.3:a:red_hat:red_hat_enterprise_linux_*), reflecting the binutils package shipped with those distributions rather than a standalone upstream-only product.

RemediationAI

Apply the vendor binutils update for your distribution: on Red Hat Enterprise Linux install the package from RHSA-2026:33527 (https://access.redhat.com/errata/RHSA-2026:33527) via 'yum update binutils' / 'dnf update binutils'; track the corresponding Ubuntu and Debian binutils security updates for those platforms - patch status here is 'Patch available per vendor advisory' (exact upstream tagged release version is not stated in the provided data, so cite your distribution's errata version rather than an invented number). As a compensating control until patched, do not run ld/binutils tooling on untrusted or attacker-supplied object files: in CI/build systems, restrict linking to inputs from trusted sources and isolate build steps that consume third-party object/archive files in sandboxed or ephemeral containers (trade-off: added pipeline complexity). Because the bug is in XCOFF parsing specifically, environments that never link XCOFF (the common case on x86_64 Linux) have inherently lower exposure, but this is not a guaranteed mitigation and patching remains the reliable fix.

CVE-2026-4631 CRITICAL POC
9.8 Apr 07

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-28369 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel

CVE-2026-28368 CRITICAL
9.1 Mar 27

HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-28367 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

CVE-2026-0966 HIGH
8.2 Mar 26

Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon proces

Vendor StatusVendor

Ubuntu

Priority: Medium
binutils
Release Status Version
trusty needs-triage -
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing needs-triage -
upstream needs-triage -

Debian

binutils
Release Status Fixed Version Urgency
bullseye vulnerable 2.35.2-2 -
bookworm vulnerable 2.40-2 -
trixie vulnerable 2.44-3 -
forky, sid vulnerable 2.46-3 -
(unstable) fixed (unfixed) unimportant

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Basesystem 15 SP7 Fixed
SUSE Linux Enterprise Module for Development Tools 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed

Share

EUVD-2026-12196 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy