PT-2017-4304 · Gnu · Gnu Binutils

Agostino Sarubbo

Published: 2017-09-25

Updated: 2021-07-21

CVE-2017-15020

CVSS v2.0: 10.0 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: GNU Binutils 2.29, specifically the Binary File Descriptor (BFD) library (libbfd) shipped with it and every tool linked against it.
Description: dwarf1.c in the BFD library mishandles pointers while parsing DWARF 1 debugging information in the parse_die and parse_line_table functions. A crafted ELF file makes these functions read past the end of a heap buffer (a heap-based buffer over-read, demonstrated in parse_die), which crashes the BFD-based tool processing the file (denial of service) and may have other, unspecified impact. "Remote" here means the attacker only needs to get a crafted ELF in front of a BFD consumer such as objdump or nm, either by a user opening it or through an automated pipeline that inspects untrusted binaries; no network service is involved. The CVSS v2 vector rates confidentiality, integrity and availability impact as complete; the demonstrated effect is the crash, and an over-read can also expose adjacent heap memory in the tool's output.
Recommendations: Upgrade to GNU Binutils 2.30 or later, or install your distribution's patched package (Ubuntu: USN-4336-2; Mageia: MGASA-2019-0169). dwarf1.c is compiled into libbfd and cannot be switched off by configuration, so until the fix is deployed the only real mitigation is to keep BFD-based tools (objdump, nm, gdb and anything else linked against libbfd) away from untrusted object files, or to run them in a sandbox or throwaway VM. Treat malware-triage and CI jobs that disassemble or inspect third-party binaries as exposed.
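As an added illustration, not code from binutils or from this advisory: a minimal DWARF 1 DIE walker that applies the bounds checks a parse_die-style reader needs before trusting a record's length field. The record layout (a 4-byte length that counts itself, followed by a 2-byte tag) follows the DWARF 1 convention; the function names, the struct and the 16-byte sample section are constructed for this example, and die_claimed_end exists only to show what an unchecked reader would trust. The second sample record claims a length of 0x7fffffff, so a reader that advances by the length field alone would compute a read window far past the buffer; the zero-length record shows the companion failure, a walker that never makes progress.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define DIE_HDR_LEN 6   /* 4-byte length field + 2-byte tag */

struct die {
    uint32_t length;    /* size of the whole record, length field included */
    uint16_t tag;
    size_t   attr_off;  /* where this DIE's attribute bytes start in buf */
    size_t   attr_len;
};

/* Little-endian readers; a real BFD reader honours the object's byte order. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(p[0] | p[1] << 8);
}

/* What an unchecked reader trusts: the record end implied by the length
 * field alone.  Nothing is clamped to size, so a result above size is the
 * out-of-bounds read window the advisory describes.  Returns UINT64_MAX
 * when the section cannot even hold a length field. */
uint64_t die_claimed_end(const uint8_t *buf, size_t size, size_t off)
{
    if (off > size || size - off < 4)
        return UINT64_MAX;
    return (uint64_t)off + rd32(buf + off);
}

/* Parse the DIE at buf[off] with the checks an over-read-safe reader needs
 * (hypothetical helper, not the binutils function of the same name).
 * Returns 0 on success, -1 if the record would extend past the section,
 * -2 if the length is too small to be a DIE (a zero length would also
 * stall any walker that advances by length). */
int parse_die_checked(const uint8_t *buf, size_t size, size_t off, struct die *out)
{
    if (off > size || size - off < DIE_HDR_LEN)   /* header itself must fit */
        return -1;
    uint32_t len = rd32(buf + off);
    if (len < DIE_HDR_LEN)                         /* must cover at least the header */
        return -2;
    if (len > size - off)                          /* must not run past the section */
        return -1;
    out->length   = len;
    out->tag      = rd16(buf + off + 4);
    out->attr_off = off + DIE_HDR_LEN;
    out->attr_len = len - DIE_HDR_LEN;
    return 0;
}

/* Tag of the DIE at off, or the parse_die_checked error code if malformed. */
int die_tag_at(const uint8_t *buf, size_t size, size_t off)
{
    struct die d;
    int rc = parse_die_checked(buf, size, off, &d);
    return rc == 0 ? (int)d.tag : rc;
}

/* Walk DIEs from offset 0.  Returns how many well-formed records were seen;
 * *truncated (if non-NULL) is set to 1 when the walk stopped at a bad one. */
int walk_dies(const uint8_t *buf, size_t size, int *truncated)
{
    int n = 0;
    size_t off = 0;
    struct die d;
    if (truncated)
        *truncated = 0;
    while (off < size) {
        if (parse_die_checked(buf, size, off, &d) != 0) {
            if (truncated)
                *truncated = 1;
            break;
        }
        off += d.length;    /* len >= DIE_HDR_LEN guarantees forward progress */
        n++;
    }
    return n;
}

/* Constructed sample section (not from any real object file):
 *   offset 0 : length 10, tag 0x0011, four attribute bytes  -> well formed
 *   offset 10: length 0x7fffffff, tag 0x0001                -> claims ~2 GiB
 * An unchecked reader takes the second length at face value. */
static const uint8_t sample[] = {
    0x0a, 0x00, 0x00, 0x00,  0x11, 0x00,  0xaa, 0xbb, 0xcc, 0xdd,
    0xff, 0xff, 0xff, 0x7f,  0x01, 0x00,
};

/* A zero-length record: an unchecked walker would loop on it forever. */
static const uint8_t zero_die[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

int main(void)
{
    int truncated;
    int n = walk_dies(sample, sizeof sample, &truncated);
    printf("parsed %d well-formed DIE(s), stopped early: %s\n", n, truncated ? "yes" : "no");
    printf("record at offset 10 claims to end at byte %llu of a %zu-byte section\n",
           (unsigned long long)die_claimed_end(sample, sizeof sample, 10), sizeof sample);
    return 0;
}
```

The three comparisons in parse_die_checked are the whole fix pattern: the header must fit, the length must cover the header, and the length must not exceed what remains of the section. Any one of them missing reproduces a class of bug (over-read, infinite loop, or pointer past the end) rather than this specific CVE, whose exact patch lives in the binutils tree.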

Fixed

DoS

Out-of-bounds Read


Weakness Enumeration

CWE-125: Out-of-bounds Read

Related identifiers

BDU:2023-07759
CVE-2017-15020
MGASA-2019-0169
USN-4336-2

Affected products

Gnu Binutils
Ubuntu