In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file. https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html https://sourceware.org/bugzilla/show_bug.cgi?id=27501
Note that upstream would categorize this as a simple bug, not a security issue. Since most elfutils tools are run in short-lived, local, interactive, development context rather than remotely "in production", we generally treat malfunctions as ordinary bugs rather than security vulnerabilities.
This is a triage tracker,please feel free to close it as not affected if so.
I added a note to the upstream bug that this isn't considered a security issue (the upstream project wasn't even aware someone filed an CVE for this bug). https://sourceware.org/bugzilla/show_bug.cgi?id=27501 It seems a fairly old bug already fixed in all shipping products. So I am not sure why bugs keep being filed based on this.
(In reply to Vipul Nair from comment #4) > This is a triage tracker,please feel free to close it as not affected if so. OK, this isn't a security bug and an issue fixed years ago.