CVE-2017-9954

Name of the Vulnerable Software and Affected Versions GNU Binutils version 2.28

Description The issue concerns the getvalue function in tekhex.c within the Binary File Descriptor (BFD) library, which is part of GNU Binutils. This function can be exploited by remote attackers to cause a denial of service, resulting in a stack-based buffer over-read and application crash. The exploitation can occur through a crafted tekhex file, as demonstrated by the mishandling within the nm program.

Recommendations For GNU Binutils version 2.28, consider disabling the getvalue function in tekhex.c as a temporary workaround until a patch is available. Restrict the use of the nm program with untrusted tekhex files to minimize the risk of exploitation.