CVE-2021-33294

CWE-835 CWE-400 — Uncontrolled Resource Consumption8 documents7 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 94.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Elfutils Project Elfutils

Timeline

PublishedJul 18

Latest updateAug 30

Description

In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶Debianelfutils< 0.185-2+2

▶NVDelfutils_project/elfutils0.183

Patches

Patch: sourceware.org ↗Patch: sourceware.org ↗

🔴Vulnerability Details

OSV

elfutils vulnerabilities↗2023-08-30

▶

CVEList

CVE-2021-33294: In elfutils 0↗2023-07-18

▶

GHSA

GHSA-827x-xjfm-cw2c: In elfutils 0↗2023-07-18

▶

OSV

CVE-2021-33294: In elfutils 0↗2023-07-18

▶

📋Vendor Advisories

Ubuntu

elfutils vulnerabilities↗2023-08-30

▶

Red Hat

elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service↗2023-07-18

▶

Debian

CVE-2021-33294: elfutils - In elfutils 0.183, an infinite loop was found in the function handle_symtab in r...↗2021

▶