UBUNTU-CVE-2023-42118

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-42118

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-42118.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-42118

Upstream

CVE-2023-42118

Published

2024-05-03T03:15:00Z

Modified

2025-07-14T06:46:27.414272Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- medium

Summary

[none]

Details

Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-17578.

References

Affected packages

Ubuntu:Pro:14.04:LTS / exim4

Package

Name: exim4
Purl: pkg:deb/ubuntu/exim4@4.82-3ubuntu2.4+esm8?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.80-7ubuntu3

4.80-7ubuntu4

4.80-9ubuntu1

4.80-9ubuntu2

4.82-3ubuntu1

4.82-3ubuntu2

4.82-3ubuntu2.1

4.82-3ubuntu2.2

4.82-3ubuntu2.3

4.82-3ubuntu2.4

4.82-3ubuntu2.4+esm1

4.82-3ubuntu2.4+esm2

4.82-3ubuntu2.4+esm3

4.82-3ubuntu2.4+esm4

4.82-3ubuntu2.4+esm6

4.82-3ubuntu2.4+esm7

4.82-3ubuntu2.4+esm8

Ubuntu:Pro:16.04:LTS / exim4

Package

Name: exim4
Purl: pkg:deb/ubuntu/exim4@4.86.2-2ubuntu2.6+esm8?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.86-3ubuntu1

4.86-7ubuntu1

4.86-7ubuntu2

4.86-7ubuntu3

4.86.2-2ubuntu1

4.86.2-2ubuntu2

4.86.2-2ubuntu2.1

4.86.2-2ubuntu2.2

4.86.2-2ubuntu2.3

4.86.2-2ubuntu2.4

4.86.2-2ubuntu2.5

4.86.2-2ubuntu2.6

4.86.2-2ubuntu2.6+esm1

4.86.2-2ubuntu2.6+esm2

4.86.2-2ubuntu2.6+esm4

4.86.2-2ubuntu2.6+esm5

4.86.2-2ubuntu2.6+esm6

4.86.2-2ubuntu2.6+esm7

4.86.2-2ubuntu2.6+esm8

Ubuntu:Pro:16.04:LTS / libspf2

Package

Name: libspf2
Purl: pkg:deb/ubuntu/libspf2@1.2.10-6ubuntu0.1~esm2?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-6

1.2.10-6build1

1.2.10-6ubuntu0.1~esm1

1.2.10-6ubuntu0.1~esm2

Ubuntu:Pro:18.04:LTS / exim4

Package

Name: exim4
Purl: pkg:deb/ubuntu/exim4@4.90.1-1ubuntu1.10+esm5?arch=source&distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.89-5ubuntu1

4.89-9ubuntu1

4.89-9ubuntu2

4.89-9ubuntu3

4.89-9ubuntu4

4.90.1-1ubuntu1

4.90.1-1ubuntu1.1

4.90.1-1ubuntu1.2

4.90.1-1ubuntu1.3

4.90.1-1ubuntu1.4

4.90.1-1ubuntu1.5

4.90.1-1ubuntu1.8

4.90.1-1ubuntu1.9

4.90.1-1ubuntu1.10

4.90.1-1ubuntu1.10+esm1

4.90.1-1ubuntu1.10+esm2

4.90.1-1ubuntu1.10+esm3

4.90.1-1ubuntu1.10+esm4

4.90.1-1ubuntu1.10+esm5

Ubuntu:Pro:18.04:LTS / libspf2

Package

Name: libspf2
Purl: pkg:deb/ubuntu/libspf2@1.2.10-7ubuntu0.18.04.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-7build2

1.2.10-7ubuntu0.18.04.1~esm1

Ubuntu:Pro:20.04:LTS / exim4

Package

Name: exim4
Purl: pkg:deb/ubuntu/exim4@4.93-13ubuntu1.12?arch=source&distro=esm-infra/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.92.1-1ubuntu3

4.92.1-1ubuntu4

4.93~RC2-1ubuntu1

4.93-9ubuntu1

4.93-11ubuntu1

4.93-12ubuntu1

4.93-13ubuntu1

4.93-13ubuntu1.1

4.93-13ubuntu1.5

4.93-13ubuntu1.6

4.93-13ubuntu1.7

4.93-13ubuntu1.8

4.93-13ubuntu1.9

4.93-13ubuntu1.10

4.93-13ubuntu1.11

4.93-13ubuntu1.12

Ubuntu:Pro:20.04:LTS / libspf2

Package

Name: libspf2
Purl: pkg:deb/ubuntu/libspf2@1.2.10-7+deb9u2build0.20.04.1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-7build3

1.2.10-7build4

1.2.10-7+deb9u2build0.20.04.1

Ubuntu:22.04:LTS / exim4

Package

Name: exim4
Purl: pkg:deb/ubuntu/exim4@4.95-4ubuntu2.6?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.94.2-7ubuntu2

4.95-2ubuntu2

4.95-4ubuntu1

4.95-4ubuntu2

4.95-4ubuntu2.1

4.95-4ubuntu2.2

4.95-4ubuntu2.3

4.95-4ubuntu2.4

4.95-4ubuntu2.5

4.95-4ubuntu2.6

Ubuntu:22.04:LTS / libspf2

Package

Name: libspf2
Purl: pkg:deb/ubuntu/libspf2@1.2.10-7.1ubuntu1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-7.1

1.2.10-7.1ubuntu1

Ubuntu:24.04:LTS / exim4

Package

Name: exim4
Purl: pkg:deb/ubuntu/exim4@4.97-4ubuntu4.3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.96-17ubuntu2

4.96-17ubuntu2.1

4.97-3ubuntu1

4.97-4ubuntu1

4.97-4ubuntu3

4.97-4ubuntu4

4.97-4ubuntu4.1

4.97-4ubuntu4.2

4.97-4ubuntu4.3

Ubuntu:24.04:LTS / libspf2

Package

Name: libspf2
Purl: pkg:deb/ubuntu/libspf2@1.2.10-8.1ubuntu3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-7.2build1

1.2.10-8

1.2.10-8build1

1.2.10-8.1ubuntu2

1.2.10-8.1ubuntu3

Ubuntu:25.04 / exim4

Package

Name: exim4
Purl: pkg:deb/ubuntu/exim4@4.98.1-1ubuntu2?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.98-1ubuntu2

4.98-1ubuntu3

4.98-2ubuntu1

4.98-2ubuntu2

4.98-3ubuntu1

4.98-4ubuntu1

4.98.1-1ubuntu1

4.98.1-1ubuntu2

Ubuntu:25.04 / libspf2

Package

Name: libspf2
Purl: pkg:deb/ubuntu/libspf2@1.2.10-8.3?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-8.2

1.2.10-8.2build1

1.2.10-8.3