CVE-2017-15022

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29

Description: The issue is related to the dwarf2.c component in the Binary File Descriptor (BFD) library, which does not validate the DW AT name data type. This allows remote attackers to cause a denial of service via a crafted ELF file, potentially resulting in a NULL pointer dereference, out-of-bounds access, or application crash. The exploitation is related to the scan unit for symbols and parse comp unit functions.

Recommendations: For GNU Binutils version 2.29, consider updating to a newer version that addresses this issue. As a temporary workaround, restrict the use of the dwarf2.c component or avoid processing untrusted ELF files until a patch is available.