Description
A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash.
Published: 2026-04-22
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Workaround
AI Analysis

Impact

A flaw in the readelf utility of binutils allows a local attacker to cause a DoS by getting a user to run readelf on a specially crafted ELF file. The weakness is classified as a null pointer dereference (CWE-476); the published description reports the outcome as a program crash or excessive resource consumption. The impact is confined to availability (the readelf process and any job or service that depends on its output); confidentiality and integrity are not affected, consistent with the CVSS vector C:N/I:N/A:H.

Affected Systems

Red Hat Enterprise Linux versions 6 through 10, Red Hat Hummingbird 1 (cpe:/a:redhat:hummingbird:1), Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4 are listed as affected. Any installation of the binutils package on these systems that ships the readelf utility should be treated as vulnerable; the data available here lists no fixed versions or errata.

Risk and Exploitability

The CVSS 3.1 base score of 5 (AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H) indicates medium severity. The EPSS probability is below 1%, and the vulnerability is not listed in the CISA KEV catalog, so there is no evidence of exploitation in the wild at this time. The vector requires local access with low privileges and user interaction: the attacker must place a malicious ELF file where a user (or an automated job) will run readelf on it, which keeps the exploit path fairly constrained. The DoS can disrupt user sessions or services that depend on readelf, but it does not provide code execution or privilege escalation.

Generated by OpenCVE AI on April 22, 2026 at 09:35 UTC.

Remediation

Vendor Workaround

To mitigate this issue, do not process untrusted or suspicious ELF files with the `readelf` utility. No configuration or operational control prevents this flaw without also disabling the intended functionality of `readelf`.


OpenCVE Recommended Actions

  • Do not use the readelf utility to process untrusted or suspicious ELF files
  • Restrict execution of readelf to trusted users; removing it from an account's PATH only hides it from casual invocation and does not stop a user from running it by absolute path, so use file permissions or package removal where enforcement is required
  • Keep the system current with Red Hat updates and apply the errata that addresses this flaw once it is released
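Where readelf must still run on files of unknown origin (a malware triage or build-verification job, for example), the practical control is to bound the damage a crash or runaway process can do rather than to prevent it. The wrapper below is an added example, not code from OpenCVE, Red Hat or the binutils project: it rejects input that does not carry the ELF magic, then runs readelf under coreutils `timeout` and a `ulimit -v` address-space cap, and maps the exit status to a verdict the calling job can act on. The 10 s and 512 MiB limits, and the function names, are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not code from OpenCVE, Red Hat or the binutils project.
# Runs readelf on an untrusted file under a wall-clock timeout and an
# address-space limit, so a crafted ELF that crashes or hogs readelf
# cannot stall an unattended triage job. The 10 s / 512 MiB limits are
# assumptions chosen for illustration, not values from the advisory.

# is_elf FILE: cheap pre-check that the file starts with the ELF magic
# (\x7fELF). Anything else is refused before readelf ever sees it.
is_elf() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# run_guarded SECONDS MAX_KB COMMAND [ARGS...]
# Runs COMMAND in a subshell with `ulimit -v MAX_KB` under coreutils
# `timeout SECONDS`. Exit status is the command's own, 124 if it ran past
# SECONDS, or 128+N if it died on signal N (e.g. 139 for SIGSEGV).
run_guarded() {
    secs="$1"; max_kb="$2"; shift 2
    (
        ulimit -v "$max_kb" 2>/dev/null || :   # best effort on shells without -v
        exec timeout "$secs" "$@"
    )
}

# classify_status STATUS: print a one-word verdict for an exit status from
# run_guarded; returns 0 only for a clean exit.
classify_status() {
    case "$1" in
        0)   echo "ok"; return 0 ;;
        124) echo "timeout"; return 1 ;;
        127) echo "not-found"; return 1 ;;
        12[89]|1[3-9][0-9]) echo "signal-$(( $1 - 128 ))"; return 1 ;;
        *)   echo "exit-$1"; return 1 ;;
    esac
}

# readelf_guarded FILE OUTFILE: write readelf's header/segment/section
# report for FILE to OUTFILE and print a verdict. Non-ELF input is refused
# up front; readelf itself runs under the limits above.
readelf_guarded() {
    file="$1"; out="$2"
    if ! is_elf "$file"; then
        echo "not-elf"; return 1
    fi
    run_guarded 10 524288 readelf -h -l -S "$file" >"$out" 2>&1
    classify_status $?
}
```

In a pipeline, call `readelf_guarded sample.bin sample.txt` and branch on the printed verdict: `timeout` and `signal-N` are exactly the outcomes this advisory describes, and the job continues with the next sample instead of hanging or dying with readelf.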



Advisories

No advisories yet.

History

Wed, 22 Apr 2026 12:15:00 +0000

Values Added
  First Time appeared: Redhat hardened Images; Redhat openshift Container Platform
  Vendors & Products: Redhat hardened Images; Redhat openshift Container Platform
  References: (none)
  Metrics: threat_severity = Moderate
Values Removed
  Metrics: threat_severity = None


Wed, 22 Apr 2026 08:30:00 +0000

Values Added
  Description: A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash.
  Title: Binutils: binutils: denial of service via crafted elf file
  First Time appeared: Redhat; Redhat enterprise Linux; Redhat hummingbird; Redhat openshift
  Weaknesses: CWE-476
  CPEs:
    cpe:/a:redhat:hummingbird:1
    cpe:/a:redhat:openshift:4
    cpe:/o:redhat:enterprise_linux:10
    cpe:/o:redhat:enterprise_linux:6
    cpe:/o:redhat:enterprise_linux:7
    cpe:/o:redhat:enterprise_linux:8
    cpe:/o:redhat:enterprise_linux:9
  Vendors & Products: Redhat; Redhat enterprise Linux; Redhat hummingbird; Redhat openshift
  References: (none)
  Metrics: cvssV3_1 {'score': 5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H'}
Values Removed: (none)


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-22T07:54:19.164Z

Reserved: 2026-04-22T07:41:36.781Z

Link: CVE-2026-6845

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-22T09:16:27.373

Modified: 2026-04-22T09:16:27.373

Link: CVE-2026-6845

Redhat

Severity: Moderate

Public Date: 2026-04-13T00:00:00Z

Links: CVE-2026-6845 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-22T11:43:47Z

Weaknesses