141 matches found

RedhatCVE
added 2023/09/30 6:24 p.m. | 133 views

CVE-2023-42118

An integer underflow flaw was discovered in libspf2 library which exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. This vulnerability allows...

CVSS 7.5 | AI score 6.7 | EPSS 0.51474
Exploits 0 | References 3

SUSE CVE
added 2023/09/29 1:47 a.m. | 2 views

SUSE CVE-2023-42118

Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing o...

CVSS 8.8 | AI score 7.8 | EPSS 0.51474
Exploits 0 | References 3

OpenVAS
added 2023/09/29 12:0 a.m. | 335 views

Exim <= 4.96.2 libspf2 RCE Vulnerability (Sep 2023)

Exim is prone to a remote code execution (RCE) vulnerability in the used libspf2 library. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8.8 | AI score 7.9 | EPSS 0.51474
Exploits 0 | References 8

CNNVD
added 2023/09/27 12:0 a.m. | 6 views

libspf2 Security Vulnerabilities

libspf2 is an open source library that allows email systems such as Sendmail, Postfix, Exim, Zmailer, and MS Exchange to check SPF records and ensure that an email is authorized from its domain. This prevents email forgery commonly used by spammers, scammers and email viruses/worms. A...

CVSS 8.8 | AI score 7.4 | EPSS 0.51474
Exploits 0 | References 3

Zero Day Initiative
added 2023/09/27 12:0 a.m. | 89 views

(0Day) Exim libspf2 Integer Underflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly...

CVSS 7.5 | AI score 7.4 | EPSS 0.51474
Exploits 0

SUSE CVE
added 2023/02/15 3:40 a.m. | 1 views

SUSE CVE-2021-33913

libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount of overflowed data depend...

CVSS 9.8 | AI score 8.3 | EPSS 0.09643
Exploits 1 | References 3

SUSE CVE
added 2023/02/15 3:40 a.m. | 4 views

SUSE CVE-2021-33912

libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c...

CVSS 9.8 | AI score 8.3 | EPSS 0.09643
Exploits 1 | References 3

FreeBSD
added 2022/06/06 12:0 a.m. | 28 views

libspf2 -- Integer Underflow Remote Code Execution

Trendmicro ZDI reports: Integer Underflow Remote Code Execution Vulnerability The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attack...

CVSS 8.8 | AI score 7.8 | EPSS 0.51474
Exploits 0 | References 1

Positive Technologies
added 2022/06/06 12:0 a.m. | 3 views

PT-2022-6995

Name of the Vulnerable Software and Affected Versions Exim libspf2 affected versions not specified Description This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. The flaw exists within the parsing of SPF macros, where the process does...

CVSS 9.8 | AI score 7.6 | EPSS 0.51474
Exploits 2 | References 55

Veracode
added 2022/03/12 2:51 p.m. | 12 views

Denial Of Service (DoS)

libspf2 is vulnerable to denial of service. The vulnerability exists in ACLosslessScan::ParseMCU function in aclosslessscan.cpp because of an uncaught floating point exception which allows an attacker to cause an application crash...

AI score 3
Exploits 0

OpenVAS
added 2022/01/28 12:0 a.m. | 18 views

Mageia: Security Advisory (MGASA-2021-0414)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.0281
Exploits 0 | References 4

OpenVAS
added 2022/01/28 12:0 a.m. | 15 views

Mageia: Security Advisory (MGASA-2021-0454)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.0281
Exploits 0 | References 5

CNVD
added 2022/01/25 12:0 a.m. | 25 views

libspf2 buffer overflow vulnerability (CNVD-2022-19089)

libspf2 is a library that allows email systems such as Sendmail, Postfix, Exim, Zmailer, and MS Exchange to check SPF records and ensure that email is authorized from its domain. This prevents email forgery commonly used by spammers, scammers and email viruses/worms. libspf2 suffers from a buffer...

CVSS 9.8 | AI score 5.5 | EPSS 0.09643
Exploits 1 | References 1

CNVD
added 2022/01/25 12:0 a.m. | 22 views

libspf2 buffer overflow vulnerability (CNVD-2022-19088)

libspf2 is a library that allows email systems such as Sendmail, Postfix, Exim, Zmailer, and MS Exchange to check SPF records and ensure that an email is authorized from its domain. This prevents email forgery commonly used by spammers, scammers and email viruses/worms. libspf2 suffers from a...

CVSS 9.8 | AI score 5.2 | EPSS 0.09643
Exploits 1 | References 1

Tenable Nessus
added 2022/01/21 12:0 a.m. | 38 views

Debian DLA-2890-1 : libspf2 - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2890 advisory. - libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail messag...

CVSS 9.8 | AI score 8.3 | EPSS 0.09643
Exploits 2 | References 7

OSV
added 2022/01/21 12:0 a.m. | 19 views

DLA-2890-1 libspf2 - security update

Bulletin has no description...

CVSS 9.8 | AI score 9.3 | EPSS 0.09643
Exploits 2

OpenVAS
added 2022/01/21 12:0 a.m. | 16 views

Debian: Security Advisory (DLA-2890-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 9.6 | EPSS 0.09643
Exploits 2 | References 4

Debian
added 2022/01/20 11:35 p.m. | 30 views

[SECURITY] [DLA 2890-1] libspf2 security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-2890-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz January 21, 2022 https://wiki.debian.org/LTS -...

CVSS 9.8 | AI score 10 | EPSS 0.09643
Exploits 2

Veracode
added 2022/01/20 10:30 a.m. | 22 views

Remote Code Execution (RCE)

libspf2 is vulnerable to remote code execution. The vulnerability exists due to a heap-based buffer overflow in SPF_record_expand_data in spf_expand.c in the system allowing an attacker to execute maliciously crafted script via an unauthenticated email message...

CVSS 9.8 | AI score 4.7 | EPSS 0.09643
Exploits 1 | References 4 | Affected Software 2

Veracode
added 2022/01/20 6:14 a.m. | 25 views

Remote Code Execution (RCE)

libspf2 is vulnerable to remote code execution. The vulnerability exists in SPF_record_expand_data in spf_expand.c, allowing an attacker to send a malicious SPF DNS record to cause overflow data...

CVSS 9.8 | AI score 5.1 | EPSS 0.09643
Exploits 1 | References 3 | Affected Software 2