Binutils Readelf Local DoS via Crafted ELF Files
CVE-2026-6844 Published on April 22, 2026
Binutils: binutils: denial of service vulnerabilities in readelf via crafted elf files
A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory condition. The other, a null pointer dereference (CWE-476), can cause a segmentation fault. Both issues can result in the `readelf` utility becoming unresponsive or crashing, leading to a denial of service.
Vulnerability Analysis
CVE-2026-6844 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Timeline
Reported to Red Hat.
Made public.
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2026-6844 has been classified to as a Resource Exhaustion vulnerability or weakness.
Products Associated with CVE-2026-6844
Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.
