diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 815e2bf5fb..d555d5f421 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -56,6 +56,7 @@ SRC_URI = "\
      file://CVE-2017-9040_9042.patch \
      file://CVE-2017-9742.patch \
      file://CVE-2017-9744.patch \
+     file://CVE-2017-9745.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
new file mode 100644
index 0000000000..0b3885b947
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
@@ -0,0 +1,35 @@
+From 76800cba595efc3fe95a446c2d664e42ae4ee869 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Thu, 15 Jun 2017 12:08:57 +0100
+Subject: [PATCH] Handle EITR records in VMS Alpha binaries with overlarge
+ command length parameters.
+
+	PR binutils/21579
+	* vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9745
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog   |  5 +++++
+ bfd/vms-alpha.c | 16 ++++++++--------
+ 2 files changed, 13 insertions(+), 8 deletions(-)
+
+Index: git/bfd/vms-alpha.c
+===================================================================
+--- git.orig/bfd/vms-alpha.c
++++ git/bfd/vms-alpha.c
+@@ -1741,6 +1741,12 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+       _bfd_hexdump (8, ptr, cmd_length - 4, 0);
+ #endif
+ 
++#if VMS_DEBUG
++      _bfd_vms_debug (4, "etir: %s(%d)\n",
++                      _bfd_vms_etir_name (cmd), cmd);
++      _bfd_hexdump (8, ptr, cmd_length - 4, 0);
++#endif
++
+       switch (cmd)
+         {
+           /* Stack global