PT-2017-4320 · Gnu+1 · Gnu Binutils+1

Published: 2017-11-28 · Updated: 2023-10-04 · CVE-2017-17122

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29.1
Description: The issue is an integer overflow in the dump_relocs_in_section function of the objdump.c component. A remote attacker can use a specially crafted PE file to cause a denial of service, potentially leading to excessive memory allocation or a heap-based buffer overflow, and an application crash. The attacker may also be able to access or modify confidential data.
Recommendations: For GNU Binutils version 2.29.1, consider disabling the dump_relocs_in_section function as a temporary workaround until a patch is available. Restrict access to the objdump.c component to minimize the risk of exploitation. Avoid using specially crafted PE files that could trigger the integer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2023-07775
CVE-2017-17122
USN-5341-1
USN-6413-1

Affected Products

Gnu Binutils
Ubuntu