Dtrace · Dtrace · CVE-2026-35233
**Name of the Vulnerable Software and Affected Versions**
dtrace (affected versions not specified)
**Description**
An unprivileged attacker can create a user-space process with a malicious ELF binary containing an out-of-range `sh link` field. When a root-level dtrace process attaches to or instruments that process using `dtrace -p`, pid probes, or USDT, the ELF parser reads heap memory beyond the allocated section cache array due to a lack of bounds checks. This leads to an uninitialized or out-of-bounds heap read, which may cause a NULL pointer dereference resulting in a denial of service (DoS) crash of the dtrace process, or potentially allow a read-then-use of a garbage pointer controlled by adjacent allocations, enabling further exploitation in a privileged context.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.