CVE-2023-42118

CVE-2023-42118 affects Exim libspf2. The vulnerability arises in the SPF macro parser, where unvalidated user-supplied data can trigger an integer underflow before memory write, enabling remote code execution with the service account context. Exploitation appears feasible by network-adjacent atta...

CVE-2021-33913

CVE-2021-33912 and CVE-2021-33913 affect libspf2 prior to 1.2.11. Multiple advisories (Ubuntu USN-6584-1/2, Debian DLA-2890-1, Gentoo GLSA-202401-22, Debian DLA-2890) describe heap-based buffer overflows in SPF_record_expand_data and related code, which could allow remote attackers to execute arb...

CVE-2021-33912

Libspf2 prior to 1.2.11 contains a four-byte heap-based buffer overflow triggered by crafting SPF DNS records, due to incorrect sprintf usage in SPF_record_expand_data (spf_expand.c). This can allow a remote attacker to execute arbitrary code via an unauthenticated email message. The vulnerabilit...