PT-2006-3326 · Gnu · Gnu Binutils+1

Jesus Olmos Gonzalez · Published 2006-05-15 · Updated 2025-01-16 · CVE-2006-2362

CVSS v3.1: 7.3 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

GNU Binutils versions prior to 20060423

Description

The issue allows context-dependent attackers to cause a denial of service, potentially leading to application crashes, and possibly execute arbitrary code. This can be achieved via a file with a crafted Tektronix Hex Format (TekHex) record where the length character is not a valid hexadecimal character.

Recommendations

For GNU Binutils versions prior to 20060423, update to a version released after 20060423 to resolve the issue. As a temporary workaround, consider restricting the use of the getsym function in tekhex.c until a patch is available. Avoid using the vulnerable libbfd component with untrusted input files to minimize the risk of exploitation.
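
The description above turns on a record whose length character is not a valid hexadecimal digit. As an added example (not GNU Binutils code; `hex_digit`, `get_field`, `parse_sample`, `SYM_MAX` and the rule that 0 encodes 16 are assumptions of this simplified model), a length-prefixed field reader that rejects such a record and bounds the copy against both the input and the destination buffer:

```c
#include <stdio.h>
#include <string.h>

#define SYM_MAX 16 /* assumed maximum field length in this model */

/* Return 0..15 for a hex digit, -1 for any other character. */
static int hex_digit(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Copy one length-prefixed field from [*src, end) into dst and advance *src.
 * Returns the field length, or -1 (leaving *src untouched) on malformed input. */
static int get_field(char *dst, size_t dst_size, const char **src, const char *end)
{
    const char *p = *src;
    int len;

    if (p >= end) return -1;                        /* no length character */
    len = hex_digit((unsigned char)*p++);
    if (len < 0) return -1;                         /* not a hex digit: reject */
    if (len == 0) len = SYM_MAX;                    /* assumed: 0 encodes 16 */
    if ((size_t)len > (size_t)(end - p)) return -1; /* record is truncated */
    if ((size_t)len + 1 > dst_size) return -1;      /* would overflow dst */

    memcpy(dst, p, (size_t)len);
    dst[len] = '\0';
    *src = p + len;
    return len;
}

/* Helper: parse the first field of a NUL-terminated record string. */
static int parse_sample(const char *record, char *out, size_t out_size)
{
    const char *cur = record;
    return get_field(out, out_size, &cur, record + strlen(record));
}

int main(void)
{
    /* Constructed inputs: valid, non-hex length, truncated payload. */
    const char *samples[] = { "4main", "Zmain", "9abc" };
    char sym[SYM_MAX + 1];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-6s -> %d\n", samples[i], parse_sample(samples[i], sym, sizeof sym));
    return 0;
}
```
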

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2006-2362

Affected Products

Gnu Binutils
Libbfd