Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2021-33912
HistoryJan 19, 2022 - 6:15 p.m.

CVE-2021-33912

2022-01-1918:15:07
Alpine Linux Development Team
security.alpinelinux.org
19

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

JSON

libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site’s e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.

Related

cve 1
nvd 1
cnvd 1
debiancve 1
prion 1
osv 4
ubuntucve 1
veracode 1
cvelist 1
openvas 3
nessus 4
debian 1
gentoo 1
ubuntu 2
cve
cve
CVE-2021-33912
2022-01-19 18:15:07
nvd
nvd
CVE-2021-33912
2022-01-19 18:15:07
cnvd
cnvd
libspf2 buffer overflow vulnerability (CNVD-2022-19088)
2022-01-25 00:00:00
debiancve
debiancve
CVE-2021-33912
2022-01-19 18:15:07
prion
prion
Heap overflow
2022-01-19 18:15:00
osv
osv
CVE-2021-33912
2022-01-19 18:15:07
libspf2 - security update
2022-01-21 00:00:00
libspf2 vulnerabilities
2024-01-15 17:17:57
ubuntucve
ubuntucve
CVE-2021-33912
2022-01-19 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2022-01-20 10:30:37
cvelist
cvelist
CVE-2021-33912
2022-01-19 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2890-1)
2022-01-21 00:00:00
Ubuntu: Security Advisory (USN-6584-1)
2024-01-16 00:00:00
Ubuntu: Security Advisory (USN-6584-2)
2024-02-22 00:00:00
nessus
nessus
Debian DLA-2890-1 : libspf2 - LTS security update
2022-01-21 00:00:00
Ubuntu 16.04 LTS : Libspf2 vulnerabilities (USN-6584-2)
2024-02-21 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Libspf2 vulnerabilities (USN-6584-1)
2024-01-15 00:00:00
debian
debian
[SECURITY] [DLA 2890-1] libspf2 security update
2022-01-20 23:35:22
gentoo
gentoo
libspf2: Multiple vulnerabilities
2024-01-15 00:00:00
ubuntu
ubuntu
Libspf2 vulnerabilities
2024-01-15 00:00:00
Libspf2 vulnerabilities
2024-02-21 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.038 Low

EPSS

Percentile

91.9%

JSON
Related for ALPINE:CVE-2021-33912
cve1nvd1cnvd1debiancve1prion1osv4ubuntucve1veracode1cvelist1openvas3nessus4debian1gentoo1ubuntu2