CVE-2017-9038

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.28

Description The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer over-read and application crash, via a crafted ELF file. This is related to the byte get little endian function in elfcomm.c, the get unwind section word function in readelf.c, and ARM unwind information that contains invalid word offsets.

Recommendations For GNU Binutils version 2.28, consider updating to a newer version to mitigate the risk of a denial of service attack. As a temporary workaround, restrict the processing of crafted ELF files to minimize the risk of exploitation.