CVE-2026-3441
Published: March 6, 2026
Last modified: April 2, 2026
Description
A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By convincing a user to process a specially crafted XCOFF object file, an attacker can trigger this flaw, potentially leading to information disclosure or an application-level denial of service.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.1 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | binutils | Not affected (2.39-r2) |
| Alpaquita Linux | 25 LTS | binutils | Not affected (2.44-r0) |
| Alpaquita Linux | Stream | binutils | Not affected (2.40-r4) |
| Hardened Containers | 23 LTS | binutils | Not affected (2.39-r2) |
| Hardened Containers | 25 LTS | binutils | Not affected (2.44-r0) |
| Hardened Containers | Stream | binutils | Not affected (2.40-r4) |