9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
Low
0.036 Low
EPSS
Percentile
91.8%
libspf2 is a library that implements the Sender Policy Framework, allowing mail transfer agents to make sure that an email is authorized by the domain name that it is coming from.
Multiple vulnerabilities have been discovered in libspf2. Please review the CVE identifiers referenced below for details.
Various buffer overflows have been identified that can lead to denial of service and possibly arbitrary code execution.
There is no known workaround at this time.
All libspf2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/libspf2-1.2.11"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | mail-filter/libspf2 | < 1.2.11 | UNKNOWN |
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.3 High
AI Score
Confidence
Low
0.036 Low
EPSS
Percentile
91.8%