CVE-2017-12967

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29

Description: The issue is related to a buffer over-read in the getsym function of the tekhex.c component in the BFD library, distributed in GNU Binutils. This allows remote attackers to cause a denial of service, resulting in a stack-based buffer over-read and application crash, via a malformed tekhex binary. The vulnerability is associated with reading beyond the permissible boundaries of a data buffer.

Recommendations: For GNU Binutils version 2.29, consider applying a patch or fix that addresses the buffer over-read issue in the getsym function of the tekhex.c component to prevent a denial of service. As a temporary workaround, consider restricting the use of malformed tekhex binaries to minimize the risk of exploitation.