Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-42118

Опубликовано: 03 мая 2024
Источник: nvd
CVSS3: 7.5
CVSS3: 8.8
EPSS Низкий

Описание

Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17578.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:libspf2_project:libspf2:-:*:*:*:*:*:*:*
cpe:2.3:a:exim:exim:-:*:*:*:*:*:*:*

EPSS

Процентиль: 84%
0.02242
Низкий

7.5 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-191

Связанные уязвимости

ubuntu логотип

CVE-2023-42118

CVSS3: 8.8
ubuntu
больше 1 года назад

Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17578.

redhat логотип

CVE-2023-42118

CVSS3: 7.5
redhat
почти 2 года назад

Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17578.

debian логотип

CVE-2023-42118

CVSS3: 8.8
debian
больше 1 года назад

Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. Th ...

github логотип

GHSA-2vq7-8vvf-w66v

CVSS3: 7.5
github
больше 1 года назад

Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-17578.

fstec логотип

BDU:2023-06275

CVSS3: 7.5
fstec
больше 3 лет назад

Уязвимость библиотеки libspf2 почтового сервера Exim, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 84%
0.02242
Низкий

7.5 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-191