CVE-2017-17080

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29.1

Description: The issue is related to the elf.c component in the Binary File Descriptor (BFD) library, which does not validate sizes of core notes. This allows remote attackers to cause a denial of service via a crafted object file, resulting in a heap-based buffer over-read and application crash. The vulnerability is related to functions such as elfcore grok netbsd procinfo, elfcore grok openbsd procinfo, and elfcore grok nto status. It is also described as a buffer data reading vulnerability beyond permissible boundaries.

Recommendations: For GNU Binutils version 2.29.1, consider updating to a newer version that addresses this issue, as the current version allows for a denial of service attack through a crafted object file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.