CVE-2017-14729

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29

Description: The issue is related to a buffer overflow in the elf32-i386.c and elf64-x86-64.c components of GNU Binutils. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted ELF file. The * get synthetic symtab functions in the Binary File Descriptor (BFD) library do not ensure a unique PLT entry for a symbol, leading to a heap-based buffer overflow and application crash.

Recommendations: For GNU Binutils version 2.29, consider disabling the * get synthetic symtab functions as a temporary workaround until a patch is available. Restrict access to the elf32-i386.c and elf64-x86-64.c components to minimize the risk of exploitation. Avoid using crafted ELF files that could trigger the buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.