Bug 2223918 (TRIAGE-CVE-2021-33294)

Summary: TRIAGE-CVE-2021-33294 elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service
Product: [Other] Security Response
Reporter: Vipul Nair <vinair>
Component: vulnerability
Assignee: Nobody <nobody>
Status: NEW ---
QA Contact:
Severity: low
Docs Contact:
Priority: low
Version: unspecified
CC: drepper, fche, fweimer, jakub, mcermak, michal.skrivanek, mjw, mperina, ohudlick, sbonazzo
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: elfutils 0.183
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the elfutils tools package. An infinite loop was found to be possible in the function handle_symtab in readelf.c which may lead to a Denial of Service.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 2223920, 2223921, 2223922, 2223923, 2232372
Bug Blocks: 2232321

Description Vipul Nair 2023-07-19 09:37:04 UTC
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c, which allows attackers to cause a denial of service (infinite loop) via a crafted file.

https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html
https://sourceware.org/bugzilla/show_bug.cgi?id=27501

Comment 3 Mark Wielaard 2023-07-19 11:35:33 UTC
Note that upstream would categorize this as a simple bug, not a security issue.

  Since most elfutils tools are run in short-lived, local, interactive,
  development context rather than remotely "in production", we generally
  treat malfunctions as ordinary bugs rather than security vulnerabilities.

Comment 4 Vipul Nair 2023-07-20 06:48:30 UTC
This is a triage tracker, please feel free to close it as not affected if so.

Comment 7 Mark Wielaard 2023-08-16 14:56:02 UTC
I added a note to the upstream bug that this isn't considered a security issue (the upstream project wasn't even aware someone filed a CVE for this bug).
https://sourceware.org/bugzilla/show_bug.cgi?id=27501

It seems a fairly old bug already fixed in all shipping products. So I am not sure why bugs keep being filed based on this.