Vulnerabilites related to libspf2_project - libspf2
Vulnerability from fkie_nvd
Published
2022-01-19 18:15
Modified
2024-11-21 06:09
Severity ?
Summary
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure | Exploit, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202401-22 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202401-22 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libspf2_project | libspf2 | * | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libspf2_project:libspf2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9926529-9106-4A0B-85FA-F1E286816711",
"versionEndExcluding": "1.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site\u0027s e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not."
},
{
"lang": "es",
"value": "libspf2 versiones anteriores a 1.2.11, presenta un desbordamiento de b\u00fafer de cuatro bytes en la regi\u00f3n heap de la memoria que podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario (por medio de un mensaje de correo electr\u00f3nico no autenticado desde cualquier lugar de Internet) con un registro DNS SPF dise\u00f1ado, debido al uso incorrecto de sprintf en el archivo SPF_record_expand_data en spf_expand.c. El c\u00f3digo vulnerable puede ser parte de la cadena de suministro de la infraestructura de correo electr\u00f3nico de un sitio (por ejemplo, con una configuraci\u00f3n adicional, Exim puede usar libspf2; el sitio web de Postfix enlaza con parches no oficiales para el uso de libspf2 con Postfix; las versiones m\u00e1s antiguas de spfquery depend\u00edan de libspf2), pero lo m\u00e1s frecuente es que no lo sea"
}
],
"id": "CVE-2021-33912",
"lastModified": "2024-11-21T06:09:45.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-19T18:15:07.783",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202401-22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-22"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-05-03 03:15
Modified
2025-08-07 18:17
Severity ?
Summary
Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account.
. Was ZDI-CAN-17578.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libspf2_project | libspf2 | - | |
| exim | exim | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libspf2_project:libspf2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99D0C1B5-85F6-47DD-A171-093A38D7FDDB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:exim:exim:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C70FF451-2194-4021-B6B5-11D1CC7A19C8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account.\n. Was ZDI-CAN-17578."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de desbordamiento de enteros Exim libspf2. Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Exim libspf2. No se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe en el an\u00e1lisis de las macros SPF. Al analizar macros SPF, el proceso no valida adecuadamente los datos proporcionados por el usuario, lo que puede provocar un desbordamiento insuficiente de enteros antes de escribir en la memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la cuenta de servicio. Era ZDI-CAN-17578."
}
],
"id": "CVE-2023-42118",
"lastModified": "2025-08-07T18:17:31.450",
"metrics": {
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-05-03T03:15:50.643",
"references": [
{
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1472/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2025/03/28/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1472/"
}
],
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-191"
}
],
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-19 18:15
Modified
2024-11-21 06:09
Severity ?
Summary
libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount of overflowed data depends on the relationship between the length of an entire domain name and the length of its leftmost label. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b | Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure | Exploit, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202401-22 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202401-22 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| libspf2_project | libspf2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:libspf2_project:libspf2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9926529-9106-4A0B-85FA-F1E286816711",
"versionEndExcluding": "1.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount of overflowed data depends on the relationship between the length of an entire domain name and the length of its leftmost label. The vulnerable code may be part of the supply chain of a site\u0027s e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not."
},
{
"lang": "es",
"value": "libspf2 versiones anteriores a 1.2.11, presenta un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria que podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario (por medio de un mensaje de correo electr\u00f3nico no autenticado desde cualquier lugar de Internet) con un registro DNS SPF dise\u00f1ado, debido a SPF_record_expand_data en el archivo spf_expand.c. La cantidad de datos desbordados depende de la relaci\u00f3n entre la longitud de un nombre de dominio completo y la longitud de su etiqueta m\u00e1s a la izquierda. El c\u00f3digo vulnerable puede formar parte de la cadena de suministro de la infraestructura de correo electr\u00f3nico de un sitio (por ejemplo, con una configuraci\u00f3n adicional, Exim puede usar libspf2; el sitio web de Postfix enlaza con parches no oficiales para el uso de libspf2 con Postfix; las versiones m\u00e1s antiguas de spfquery depend\u00edan de libspf2), pero lo m\u00e1s frecuente es que no lo sea"
}
],
"id": "CVE-2021-33913",
"lastModified": "2024-11-21T06:09:46.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-19T18:15:07.830",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202401-22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202401-22"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-42118 (GCVE-0-2023-42118)
Vulnerability from cvelistv5
Published
2024-05-03 02:13
Modified
2025-03-28 12:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Summary
Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account.
. Was ZDI-CAN-17578.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:exim:libspf2:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libspf2",
"vendor": "exim",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-42118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T14:45:10.464774Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T20:58:33.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-28T12:04:20.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ZDI-23-1472",
"tags": [
"x_research-advisory",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1472/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/28/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "libspf2",
"vendor": "Exim",
"versions": [
{
"status": "affected",
"version": "exim 4.96-RC0-14-24b8ed847-XX"
}
]
}
],
"dateAssigned": "2023-09-06T21:25:45.475Z",
"datePublic": "2023-09-27T22:21:14.249Z",
"descriptions": [
{
"lang": "en",
"value": "Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. \n\nThe specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account.\n. Was ZDI-CAN-17578."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:30:11.548Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-23-1472",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1472/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Exim libspf2 Integer Underflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2023-42118",
"datePublished": "2024-05-03T02:13:26.055Z",
"dateReserved": "2023-09-06T21:14:24.436Z",
"dateUpdated": "2025-03-28T12:04:20.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33912 (GCVE-0-2021-33912)
Vulnerability from cvelistv5
Published
2022-01-19 00:00
Modified
2024-08-04 00:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:52.118Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b"
},
{
"tags": [
"x_transferred"
],
"url": "https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2890-1] libspf2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html"
},
{
"name": "GLSA-202401-22",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site\u0027s e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-15T17:06:19.307442",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b"
},
{
"url": "https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2890-1] libspf2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html"
},
{
"name": "GLSA-202401-22",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-22"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33912",
"datePublished": "2022-01-19T00:00:00",
"dateReserved": "2021-06-07T00:00:00",
"dateUpdated": "2024-08-04T00:05:52.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33913 (GCVE-0-2021-33913)
Vulnerability from cvelistv5
Published
2022-01-19 00:00
Modified
2024-08-04 00:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount of overflowed data depends on the relationship between the length of an entire domain name and the length of its leftmost label. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:05:51.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b"
},
{
"tags": [
"x_transferred"
],
"url": "https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2890-1] libspf2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html"
},
{
"name": "GLSA-202401-22",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount of overflowed data depends on the relationship between the length of an entire domain name and the length of its leftmost label. The vulnerable code may be part of the supply chain of a site\u0027s e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-15T17:06:15.903756",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b"
},
{
"url": "https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure"
},
{
"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2890-1] libspf2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html"
},
{
"name": "GLSA-202401-22",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-22"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-33913",
"datePublished": "2022-01-19T00:00:00",
"dateReserved": "2021-06-07T00:00:00",
"dateUpdated": "2024-08-04T00:05:51.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}