{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-33294", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-28T17:05:29.444Z", "dateReserved": "2021-05-20T00:00:00", "datePublished": "2023-07-18T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-07-18T00:00:00"}, "descriptions": [{"lang": "en", "value": "In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27501"}, {"url": "https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:42:20.323Z"}, "title": "CVE Program Container", "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27501", "tags": ["x_transferred"]}, {"url": "https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-28T17:05:21.199995Z", "id": "CVE-2021-33294", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-28T17:05:29.444Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27501", "tags": ["x_transferred"]}, {"url": "https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:42:20.323Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-33294", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-28T17:05:21.199995Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-28T17:05:25.474Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27501"}, {"url": "https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html"}], "descriptions": [{"lang": "en", "value": "In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-07-18T00:00:00"}}}, "cveMetadata": {"cveId": "CVE-2021-33294", "state": "PUBLISHED", "dateUpdated": "2024-10-28T17:05:29.444Z", "dateReserved": "2021-05-20T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-07-18T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elfutils_project:elfutils:0.183:*:*:*:*:*:*:*", "matchCriteriaId": "6C0F8466-BE5B-45B1-A099-2B1E940E5A8E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file."}], "id": "CVE-2021-33294", "lastModified": "2023-07-27T15:19:40.113", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-18T14:15:11.673", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27501"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch"], "url": "https://sourceware.org/pipermail/elfutils-devel/2021q1/003607.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "elfutils: an infinite loop was found in the function handle_symtab in readelf.c which causes denial of service", "id": "2223918", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223918"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-400", "details": ["In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.", "A flaw was found in the elfutils tools package. An infinite loop is possible in the handle_symtab function in readelf.c, which may lead to a denial of service."], "name": "CVE-2021-33294", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "elfutils", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "elfutils", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "elfutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "gcc-toolset-11-elfutils", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "elfutils", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Not affected", "package_name": "elfutils", "product_name": "Red Hat Virtualization 4"}], "public_date": "2023-07-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-33294\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-33294\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=27501"], "statement": "This CVE is under investigation by Red Hat Product Security.\nNote: Upstream would categorize this as a simple bug, not a security issue. Since most elfutils tools are run in short-lived, local, interactive, development contexts rather than remotely \"in production\", we generally treat malfunctions as ordinary bugs rather than security vulnerabilities.\nThe version, as shipped in Red Hat Enterprise Linux 9, is not affected by this vulnerability.", "threat_severity": "Low", "upstream_fix": "elfutils 0.183"}