6.1

CVE-2026-4647

Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library

A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuBinutils Version-
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.17% 0.064
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 1.8 4.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
secalert@redhat.com 6.1 1.8 4.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/security/cve/CVE-2026-4647
Vendor Advisory
Mitigation
https://bugzilla.redhat.com/show_bug.cgi?id=2450302
Vendor Advisory
Issue Tracking
https://sourceware.org/bugzilla/show_bug.cgi?id=33919
Broken Link
https://access.redhat.com/errata/RHSA-2026:33527