CVE-2021-33294

2023-07-1800:00:00

ubuntu.com

elfutils

infinite loop

handle_symtab

denial of service

crafted file

readelf.c

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

12.7%

JSON

In elfutils 0.183, an infinite loop was found in the function handle_symtab
in readelf.c .Which allows attackers to cause a denial of service (infinite
loop) via crafted file.

Notes

Author	Note
	Priority reason: No real security impact as this is a command-line utility that is not generally expected to handle untrusted input.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchelfutils< 0.170-0.4ubuntu0.1+esm1UNKNOWN
ubuntu20.04noarchelfutils< 0.176-1.1ubuntu0.1UNKNOWN
ubuntu14.04noarchelfutils< 0.158-0ubuntu5.3+esm1UNKNOWN
ubuntu16.04noarchelfutils< 0.165-3ubuntu1.2+esm1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	elfutils	< 0.170-0.4ubuntu0.1+esm1	UNKNOWN
ubuntu	20.04	noarch	elfutils	< 0.176-1.1ubuntu0.1	UNKNOWN
ubuntu	14.04	noarch	elfutils	< 0.158-0ubuntu5.3+esm1	UNKNOWN
ubuntu	16.04	noarch	elfutils	< 0.165-3ubuntu1.2+esm1	UNKNOWN