CVE-2023-42118

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-42118

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42118.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-42118

Related

Published

2024-05-03T03:15:50Z

Modified

2024-12-05T15:35:06.440460Z

Summary

[none]

Details

Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17578.

References

Affected packages

Alpine:v3.18 / libspf2

Package

Name: libspf2
Purl: pkg:apk/alpine/libspf2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.11-r3

Affected versions

1.*

1.2.9-r0

1.2.9-r1

1.2.9-r2

1.2.9-r3

1.2.9-r4

1.2.9-r5

1.2.9-r6

1.2.9-r7

1.2.9-r8

1.2.10-r0

1.2.10-r1

1.2.10-r2

1.2.10-r3

1.2.10-r4

1.2.10-r5

1.2.10-r6

1.2.10-r7

1.2.11-r1

1.2.11-r2

Alpine:v3.19 / libspf2

Package

Name: libspf2
Purl: pkg:apk/alpine/libspf2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.11-r3

Affected versions

1.*

1.2.9-r0

1.2.9-r1

1.2.9-r2

1.2.9-r3

1.2.9-r4

1.2.9-r5

1.2.9-r6

1.2.9-r7

1.2.9-r8

1.2.10-r0

1.2.10-r1

1.2.10-r2

1.2.10-r3

1.2.10-r4

1.2.10-r5

1.2.10-r6

1.2.10-r7

1.2.11-r1

1.2.11-r2

Alpine:v3.20 / libspf2

Package

Name: libspf2
Purl: pkg:apk/alpine/libspf2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.11-r3

Affected versions

1.*

1.2.9-r0

1.2.9-r1

1.2.9-r2

1.2.9-r3

1.2.9-r4

1.2.9-r5

1.2.9-r6

1.2.9-r7

1.2.9-r8

1.2.10-r0

1.2.10-r1

1.2.10-r2

1.2.10-r3

1.2.10-r4

1.2.10-r5

1.2.10-r6

1.2.10-r7

1.2.11-r1

1.2.11-r2

Alpine:v3.21 / libspf2

Package

Name: libspf2
Purl: pkg:apk/alpine/libspf2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.11-r3

Affected versions

1.*

1.2.9-r0

1.2.9-r1

1.2.9-r2

1.2.9-r3

1.2.9-r4

1.2.9-r5

1.2.9-r6

1.2.9-r7

1.2.9-r8

1.2.10-r0

1.2.10-r1

1.2.10-r2

1.2.10-r3

1.2.10-r4

1.2.10-r5

1.2.10-r6

1.2.10-r7

1.2.11-r1

1.2.11-r2

Debian:11 / libspf2

Package

Name: libspf2
Purl: pkg:deb/debian/libspf2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-7

1.2.10-7.1~deb10u1

1.2.10-7.1~deb11u1

1.2.10-7.1

1.2.10-7.2

1.2.10-8

1.2.10-8.1~exp1

1.2.10-8.1

1.2.10-8.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libspf2

Package

Name: libspf2
Purl: pkg:deb/debian/libspf2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-7.2

1.2.10-8

1.2.10-8.1~exp1

1.2.10-8.1

1.2.10-8.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libspf2

Package

Name: libspf2
Purl: pkg:deb/debian/libspf2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-7.2

1.2.10-8

1.2.10-8.1~exp1

1.2.10-8.1

1.2.10-8.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}