ALPINE-CVE-2023-42118

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2023-42118

Import Source

https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2023-42118.json

JSON Data

https://api.osv.dev/v1/vulns/ALPINE-CVE-2023-42118

Upstream

CVE-2023-42118

Published

2024-05-03T03:15:50.643Z

Modified

2025-12-03T22:53:09.581473Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17578.

References

https://security.alpinelinux.org/vuln/CVE-2023-42118

Affected packages

Alpine:v3.18

libspf2

Package

Name: libspf2
Purl: pkg:apk/alpine/libspf2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.11-r3

Affected versions

1.*

1.2.9-r0

1.2.9-r1

1.2.9-r2

1.2.9-r3

1.2.9-r4

1.2.9-r5

1.2.9-r6

1.2.9-r7

1.2.9-r8

1.2.10-r0

1.2.10-r1

1.2.10-r2

1.2.10-r3

1.2.10-r4

1.2.10-r5

1.2.10-r6

1.2.10-r7

1.2.11-r1

1.2.11-r2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2023-42118.json"

Alpine:v3.19

libspf2

Package

Name: libspf2
Purl: pkg:apk/alpine/libspf2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.11-r3

Affected versions

1.*

1.2.9-r0

1.2.9-r1

1.2.9-r2

1.2.9-r3

1.2.9-r4

1.2.9-r5

1.2.9-r6

1.2.9-r7

1.2.9-r8

1.2.10-r0

1.2.10-r1

1.2.10-r2

1.2.10-r3

1.2.10-r4

1.2.10-r5

1.2.10-r6

1.2.10-r7

1.2.11-r1

1.2.11-r2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2023-42118.json"

Alpine:v3.20

libspf2

Package

Name: libspf2
Purl: pkg:apk/alpine/libspf2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.11-r3

Affected versions

1.*

1.2.9-r0

1.2.9-r1

1.2.9-r2

1.2.9-r3

1.2.9-r4

1.2.9-r5

1.2.9-r6

1.2.9-r7

1.2.9-r8

1.2.10-r0

1.2.10-r1

1.2.10-r2

1.2.10-r3

1.2.10-r4

1.2.10-r5

1.2.10-r6

1.2.10-r7

1.2.11-r1

1.2.11-r2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2023-42118.json"

Alpine:v3.21

libspf2

Package

Name: libspf2
Purl: pkg:apk/alpine/libspf2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.11-r3

Affected versions

1.*

1.2.9-r0

1.2.9-r1

1.2.9-r2

1.2.9-r3

1.2.9-r4

1.2.9-r5

1.2.9-r6

1.2.9-r7

1.2.9-r8

1.2.10-r0

1.2.10-r1

1.2.10-r2

1.2.10-r3

1.2.10-r4

1.2.10-r5

1.2.10-r6

1.2.10-r7

1.2.11-r1

1.2.11-r2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2023-42118.json"

Alpine:v3.22

libspf2

Package

Name: libspf2
Purl: pkg:apk/alpine/libspf2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.11-r3

Affected versions

1.*

1.2.9-r0

1.2.9-r1

1.2.9-r2

1.2.9-r3

1.2.9-r4

1.2.9-r5

1.2.9-r6

1.2.9-r7

1.2.9-r8

1.2.10-r0

1.2.10-r1

1.2.10-r2

1.2.10-r3

1.2.10-r4

1.2.10-r5

1.2.10-r6

1.2.10-r7

1.2.11-r1

1.2.11-r2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2023-42118.json"

Alpine:v3.23

libspf2

Package

Name: libspf2
Purl: pkg:apk/alpine/libspf2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.11-r3

Affected versions

1.*

1.2.9-r0

1.2.9-r1

1.2.9-r2

1.2.9-r3

1.2.9-r4

1.2.9-r5

1.2.9-r6

1.2.9-r7

1.2.9-r8

1.2.10-r0

1.2.10-r1

1.2.10-r2

1.2.10-r3

1.2.10-r4

1.2.10-r5

1.2.10-r6

1.2.10-r7

1.2.11-r1

1.2.11-r2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2023-42118.json"