Vulnerabilities > CVE-2021-33294 - Infinite Loop vulnerability in Elfutils Project Elfutils 0.183

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

elfutils-project

CWE-835

NVD

Published: 2023-07-18

Updated: 2023-07-27

Summary

In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.

Vulnerable Configurations

Part	Description	Count
Application	Elfutils_Project Elfutils Project Elfutils 0.183	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html
https://sourceware.org/bugzilla/show_bug.cgi?id=27501