OESA-2023-1445

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1445

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2023-1445.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2023-1445

Upstream

CVE-2021-33294

Published

2023-07-29T11:05:34Z

Modified

2025-08-12T05:08:27.673054Z

Summary

elfutils security update

Details

Elfutils is a collection of utilities, including stack (to show backtraces), nm (for listing symbols from object files), size (for listing the section sizes of an object or archive file), strip (for discarding symbols), elflint (to check for well-formed ELF files) and elfcompress (to compress or decompress ELF sections). Also included are helper libraries which implement DWARF, ELF, and machine-specific ELF handling and process introspection. It also provides a DSO which allows reading and writing ELF files on a high level. Third party programs depend on this package to read internals of ELF files. Yama sysctl setting to enable default attach scope settings enabling programs to use ptrace attach, access to /proc/PID/{mem,personality,stack,syscall}, and the syscalls processvmreadv and processvmwritev which are used for interprocess services, communication and introspection (like synchronisation, signaling, debugging, tracing and profiling) of processes.

Security Fix(es):

In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.(CVE-2021-33294)

Database specific

{
    "severity": "Low"
}

References

Affected packages

openEuler:20.03-LTS-SP3 / elfutils

Package

Name: elfutils
Purl: pkg:rpm/openEuler/elfutils&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.180-14.oe1

Ecosystem specific

{
    "src": [
        "elfutils-0.180-14.oe1.src.rpm"
    ],
    "noarch": [
        "elfutils-default-yama-scope-0.180-14.oe1.noarch.rpm"
    ],
    "x86_64": [
        "elfutils-libelf-0.180-14.oe1.x86_64.rpm",
        "elfutils-libelf-devel-0.180-14.oe1.x86_64.rpm",
        "elfutils-debuginfod-client-devel-0.180-14.oe1.x86_64.rpm",
        "elfutils-debugsource-0.180-14.oe1.x86_64.rpm",
        "elfutils-debuginfod-0.180-14.oe1.x86_64.rpm",
        "elfutils-help-0.180-14.oe1.x86_64.rpm",
        "elfutils-devel-0.180-14.oe1.x86_64.rpm",
        "elfutils-0.180-14.oe1.x86_64.rpm",
        "elfutils-libs-0.180-14.oe1.x86_64.rpm",
        "elfutils-debuginfo-0.180-14.oe1.x86_64.rpm",
        "elfutils-debuginfod-client-0.180-14.oe1.x86_64.rpm"
    ],
    "aarch64": [
        "elfutils-debuginfod-client-devel-0.180-14.oe1.aarch64.rpm",
        "elfutils-debugsource-0.180-14.oe1.aarch64.rpm",
        "elfutils-0.180-14.oe1.aarch64.rpm",
        "elfutils-debuginfo-0.180-14.oe1.aarch64.rpm",
        "elfutils-devel-0.180-14.oe1.aarch64.rpm",
        "elfutils-libelf-devel-0.180-14.oe1.aarch64.rpm",
        "elfutils-libelf-0.180-14.oe1.aarch64.rpm",
        "elfutils-libs-0.180-14.oe1.aarch64.rpm",
        "elfutils-help-0.180-14.oe1.aarch64.rpm",
        "elfutils-debuginfod-client-0.180-14.oe1.aarch64.rpm",
        "elfutils-debuginfod-0.180-14.oe1.aarch64.rpm"
    ]
}