CVE-2017-13757

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29

Description: The issue is related to the Binary File Descriptor (BFD) library, specifically with the validation of the PLT section size. This allows remote attackers to cause a denial of service, resulting in a heap-based buffer over-read and application crash, via a crafted ELF file. The problem is associated with functions in elf32-i386.c and elf64-x86-64.c, such as elf i386 get synthetic symtab and elf x86 64 get synthetic symtab. The vulnerability is also described as a buffer data reading issue beyond permissible boundaries, which can be exploited by a remote attacker using a specially crafted ELF file to cause a denial of service.

Recommendations: For GNU Binutils version 2.29, consider updating to a newer version that addresses this issue, as the current version does not validate the PLT section size properly, leading to potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.