CVE-2023-42118
An integer underflow flaw was discovered in libspf2 library which exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. This vulnerability allows...
SUSE CVE-2023-42118
Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing o...
Exim <= 4.96.2 libspf2 RCE Vulnerability (Sep 2023)
Exim is prone to a remote code execution (RCE) vulnerability in the used libspf2 library. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
libspf2 Security Vulnerabilities
libspf2 is an open source library that allows email systems such as Sendmail, Postfix, Exim, Zmailer, and MS Exchange to check SPF records and ensure that an email is authorized from its domain. This prevents email forgery commonly used by spammers, scammers and email viruses/worms. A...
(0Day) Exim libspf2 Integer Underflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly...
SUSE CVE-2021-33913
libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount of overflowed data depend...
SUSE CVE-2021-33912
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c...
libspf2 -- Integer Underflow Remote Code Execution
Trendmicro ZDI reports: Integer Underflow Remote Code Execution Vulnerability The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attack...
PT-2022-6995
Name of the Vulnerable Software and Affected Versions: Exim libspf2 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. The flaw exists within the parsing of SPF macros, where the process does...
Denial Of Service (DoS)
libspf2 is vulnerable to denial of service. The vulnerability exists in ACLosslessScan::ParseMCU function in aclosslessscan.cpp because of an uncaught floating point exception which allows an attacker to cause an application crash...
Mageia: Security Advisory (MGASA-2021-0414)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2021-0454)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
libspf2 buffer overflow vulnerability (CNVD-2022-19089)
libspf2 is a library that allows email systems such as Sendmail, Postfix, Exim, Zmailer, and MS Exchange to check SPF records and ensure that email is authorized from its domain. This prevents email forgery commonly used by spammers, scammers and email viruses/worms. libspf2 suffers from a buffer...
libspf2 buffer overflow vulnerability (CNVD-2022-19088)
libspf2 is a library that allows email systems such as Sendmail, Postfix, Exim, Zmailer, and MS Exchange to check SPF records and ensure that an email is authorized from its domain. This prevents email forgery commonly used by spammers, scammers and email viruses/worms. libspf2 suffers from a...
Debian DLA-2890-1 : libspf2 - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2890 advisory. - libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail messag...
DLA-2890-1 libspf2 - security update
Bulletin has no description...
Debian: Security Advisory (DLA-2890-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2890-1] libspf2 security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2890-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz January 21, 2022 https://wiki.debian.org/LTS -...
Remote Code Execution (RCE)
libspf2 is vulnerable to remote code execution. The vulnerability exists due to a heap-based buffer overflow in SPF_record_expand_data in spf_expand.c in the system, allowing an attacker to execute a maliciously crafted script via an unauthenticated email message...
Remote Code Execution (RCE)
libspf2 is vulnerable to remote code execution. The vulnerability exists in SPF_record_expand_data in spf_expand.c, allowing an attacker to send a malicious SPF DNS record to cause overflow data...