Heap-based Buffer Overflow Affecting binutils package, versions <2.46-r2


Severity

high

Snyk's Security Team recommends NVD's CVSS assessment.

Threat Intelligence

EPSS: 0.16% (7th percentile)

  • Snyk ID: SNYK-WOLFILATEST-BINUTILS-17162347
  • Published: 4 Jun 2026
  • Disclosed: 22 Apr 2026

Introduced: 22 Apr 2026

CVE-2026-6846
CWE-122

How to fix?

Upgrade Wolfi binutils to version 2.46-r2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream binutils package and not the binutils package as distributed by Wolfi. See How to fix? for Wolfi relevant fixed versions and status.

A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable.

CVSS Base Scores

version 3.1