CVE-2026-6845
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Summary
A flaw was found in binutils, specifically within the readelf utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Hardened Images | 2.45.1-5.2.hum1 < * | unaffected |
Weaknesses
- CWE-476: NULL Pointer Dereference
Workarounds
To mitigate this issue, users should avoid processing untrusted or suspicious ELF files with the readelf utility. No specific configuration or operational control is available to prevent this vulnerability without affecting the intended functionality of readelf.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://access.redhat.com/errata/RHSA-2026:34924
- https://access.redhat.com/security/cve/CVE-2026-6845
- https://bugzilla.redhat.com/show_bug.cgi?id=2460012
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.