CVE-2026-4647
published 2026-03-23
medium 6.1 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
A flaw was found in the GNU Binutils BFD library, a widely used component for handling binary files such as object files and executables. The issue occurs when processing specially crafted XCOFF object files, where a relocation type value is not properly validated before being used. This can cause the program to read memory outside of intended bounds. As a result, affected tools may crash or expose unintended memory contents, leading to denial-of-service or limited information disclosure risks.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | binutils | — | — |
| msrc | azl3_binutils_2.41-10_on_azure_linux_3.0 | — | — |
| msrc | azl3_crash_9.0.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_gdb_13.2-6_on_azure_linux_3.0 | — | — |
| msrc | cbl2_binutils_2.37-20_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_crash_8.0.1-5_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_gdb_11.2-10_on_cbl_mariner_2.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | openshift_container_platform | — | — |
CVSS provenance
nvd: v3.1, 6.1 MEDIUM, CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
osv: 6.1 MEDIUM