Bug 2223918 (CVE-2021-33294)

Summary: CVE-2021-33294 elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service
Product: [Other] Security Response
Reporter: Vipul Nair <vinair>
Component: vulnerability
Assignee: Nobody <nobody>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: drepper, fche, fweimer, jakub, mcermak, michal.skrivanek, mjw, mperina, ohudlick
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: elfutils 0.183
Doc Text:
A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service, causing the application to become unresponsive and consume excessive system resources indefinitely.
Last Closed: 2025-02-13 14:20:33 UTC
Bug Depends On: 2223920, 2223921, 2223922, 2223923, 2232372    
Bug Blocks: 2232321    

Description Vipul Nair 2023-07-19 09:37:04 UTC
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c, which allows attackers to cause a denial of service (infinite loop) via a crafted file.

https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html
https://sourceware.org/bugzilla/show_bug.cgi?id=27501

Comment 3 Mark Wielaard 2023-07-19 11:35:33 UTC
Note that upstream would categorize this as a simple bug, not a security issue.

  Since most elfutils tools are run in short-lived, local, interactive,
  development context rather than remotely "in production", we generally
  treat malfunctions as ordinary bugs rather than security vulnerabilities.

Comment 4 Vipul Nair 2023-07-20 06:48:30 UTC
This is a triage tracker, please feel free to close it as not affected if so.

Comment 7 Mark Wielaard 2023-08-16 14:56:02 UTC
I added a note to the upstream bug that this isn't considered a security issue (the upstream project wasn't even aware someone filed a CVE for this bug).
https://sourceware.org/bugzilla/show_bug.cgi?id=27501

It seems a fairly old bug already fixed in all shipping products. So I am not sure why bugs keep being filed based on this.

Comment 8 Mark Wielaard 2025-02-13 14:20:33 UTC
(In reply to Vipul Nair from comment #4)
> This is a triage tracker, please feel free to close it as not affected if so.

OK, this isn't a security bug and an issue fixed years ago.