CVE-2017-15023

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29

Description: The issue is related to the read formatted entries function in the dwarf2.c component of the Binary File Descriptor (BFD) library, which does not properly validate the format count. This allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via a crafted ELF file. The vulnerability is related to the concat filename function.

Recommendations: For GNU Binutils version 2.29, consider updating to a newer version that addresses this issue. As a temporary workaround, restrict the use of crafted ELF files to minimize the risk of exploitation. Avoid using the read formatted entries function in the dwarf2.c component until a patch is available.