Описание
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | not-affected | noble 1.2.10-8 |
| esm-apps/bionic | released | 1.2.10-7ubuntu0.18.04.1~esm1 |
| esm-apps/focal | released | 1.2.10-7+deb9u2build0.20.04.1 |
| esm-apps/jammy | not-affected | 1.2.10-7.1ubuntu1 |
| esm-apps/noble | not-affected | noble 1.2.10-8 |
| esm-apps/xenial | released | 1.2.10-6ubuntu0.1~esm2 |
| focal | released | 1.2.10-7+deb9u2build0.20.04.1 |
| hirsute | ignored | end of life |
| impish | ignored | end of life |
Показывать по
EPSS
9.3 Critical
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that ...
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.
EPSS
9.3 Critical
CVSS2
9.8 Critical
CVSS3