CVE-2017-15996

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29

Description: The issue is related to a buffer overflow in the elfcomm.c component of GNU Binutils, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted ELF file. This is associated with an uninitialized variable, an improper conditional jump, and the get archive member name, process archive index and symbols, and setup archive functions. The exploitation can lead to excessive memory allocation.

Recommendations: For GNU Binutils version 2.29, consider disabling the elfcomm.c component or restricting its use until a patch is available. As a temporary workaround, avoid using the readelf function with untrusted ELF files. Restrict access to the get archive member name, process archive index and symbols, and setup archive functions to minimize the risk of exploitation.