Bug 2223918 (CVE-2021-33294) - CVE-2021-33294 elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service
Keywords:
Status: NEW
Alias: CVE-2021-33294
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Nobody
Depends On: 2223920 2223921 2223922 2223923 2232372
Blocks: 2232321
Reported: 2023-07-19 09:37 UTC by Vipul Nair
Modified: 2024-02-07 12:34 UTC (History)

Fixed In Version: elfutils 0.183
Doc Text:
A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service.

Description Vipul Nair 2023-07-19 09:37:04 UTC
In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c, which allows attackers to cause a denial of service (infinite loop) via a crafted file.

https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html
https://sourceware.org/bugzilla/show_bug.cgi?id=27501

Comment 3 Mark Wielaard 2023-07-19 11:35:33 UTC
Note that upstream would categorize this as a simple bug, not a security issue.

  Since most elfutils tools are run in short-lived, local, interactive,
  development context rather than remotely "in production", we generally
  treat malfunctions as ordinary bugs rather than security vulnerabilities.

Comment 4 Vipul Nair 2023-07-20 06:48:30 UTC
This is a triage tracker, please feel free to close it as not affected if so.

Comment 7 Mark Wielaard 2023-08-16 14:56:02 UTC
I added a note to the upstream bug that this isn't considered a security issue (the upstream project wasn't even aware someone filed a CVE for this bug).
https://sourceware.org/bugzilla/show_bug.cgi?id=27501

It seems a fairly old bug already fixed in all shipping products. So I am not sure why bugs keep being filed based on this.

