CVE-2026-3442
mediumA flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may lead to the disclosure of sensitive information or cause the application to crash, resulting in an application level denial of service.
6.1
cvss
medium
common vulnerability scoring system v3.1. measures intrinsic severity on a 0-10 scale.
epss
0.0000
kev
no
cisa known exploited vulnerabilities catalog. confirmed active exploitation.
CVSS 3.1
Common Vulnerability Scoring System v3.1
6.1
/ 10
MEDIUM
exploitability
Attack Vector
Local
Attack Vector (AV:L): requires local access. attacker must have shell access or physical login.
Attack Complexity
Low
Attack Complexity (AC:L): no special conditions needed. attack can be reliably reproduced.
Privileges Required
None
Privileges Required (PR:N): no authentication needed. any anonymous attacker can exploit this.
User Interaction
Required
User Interaction (UI:R): victim must perform some action (e.g. clicking a link, opening a file).
impact
Scope
Unchanged
Scope (S:U): impact limited to the vulnerable component.
Confidentiality
High
Confidentiality (C:H): total information disclosure. attacker gains access to all data within the component.
Integrity
None
Integrity (I:N): no integrity impact.
Availability
Low
Availability (A:L): reduced performance or partial service interruption.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
activity density
rdintel assessment
public exploit available. prioritize patching.
composite score from 15+ signals including exploitation status, epss probability, detection coverage, and community attention. 0-100 scale.
sign in to view full intelligence
pocs, detection rules, timeline, advisories, and more