CVE-2017-14934

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29

Description: The issue is related to the process debug info function in the dwarf.c component of GNU Binutils, which is caused by an incorrect buffer size calculation. This allows a remote attacker to cause a denial of service, specifically an infinite loop, by using a specially crafted ELF file that contains a negative size value in a CU structure.

Recommendations: For GNU Binutils version 2.29, consider disabling the process debug info function in the dwarf.c component as a temporary workaround until a patch is available. Restrict access to the dwarf.c component to minimize the risk of exploitation. Avoid using the process debug info function with untrusted ELF files until the issue is resolved.