UBUNTU-CVE-2023-42118

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-42118

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-42118.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-42118

Related

CVE-2023-42118

Published

2024-05-03T03:15:00Z

Modified

2024-10-23T04:39:41Z

Summary

[none]

Details

Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-17578.

References

Affected packages

Ubuntu:Pro:14.04:LTS / exim4

Package

Name: exim4
Purl: pkg:deb/ubuntu/exim4?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.80-7ubuntu3

4.80-7ubuntu4

4.80-9ubuntu1

4.80-9ubuntu2

4.82-3ubuntu1

4.82-3ubuntu2

4.82-3ubuntu2.1

4.82-3ubuntu2.2

4.82-3ubuntu2.3

4.82-3ubuntu2.4

4.82-3ubuntu2.4+esm1

4.82-3ubuntu2.4+esm2

4.82-3ubuntu2.4+esm3

4.82-3ubuntu2.4+esm4

4.82-3ubuntu2.4+esm6

4.82-3ubuntu2.4+esm7

4.82-3ubuntu2.4+esm8

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / exim4

Package

Name: exim4
Purl: pkg:deb/ubuntu/exim4?arch=src?distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.86-3ubuntu1

4.86-7ubuntu1

4.86-7ubuntu2

4.86-7ubuntu3

4.86.2-2ubuntu1

4.86.2-2ubuntu2

4.86.2-2ubuntu2.1

4.86.2-2ubuntu2.2

4.86.2-2ubuntu2.3

4.86.2-2ubuntu2.4

4.86.2-2ubuntu2.5

4.86.2-2ubuntu2.6

4.86.2-2ubuntu2.6+esm1

4.86.2-2ubuntu2.6+esm2

4.86.2-2ubuntu2.6+esm4

4.86.2-2ubuntu2.6+esm5

4.86.2-2ubuntu2.6+esm6

4.86.2-2ubuntu2.6+esm7

4.86.2-2ubuntu2.6+esm8

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / libspf2

Package

Name: libspf2
Purl: pkg:deb/ubuntu/libspf2?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-6

1.2.10-6build1

1.2.10-6ubuntu0.1~esm1

1.2.10-6ubuntu0.1~esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / exim4

Package

Name: exim4
Purl: pkg:deb/ubuntu/exim4?arch=src?distro=esm-infra/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.89-5ubuntu1

4.89-9ubuntu1

4.89-9ubuntu2

4.89-9ubuntu3

4.89-9ubuntu4

4.90.1-1ubuntu1

4.90.1-1ubuntu1.1

4.90.1-1ubuntu1.2

4.90.1-1ubuntu1.3

4.90.1-1ubuntu1.4

4.90.1-1ubuntu1.5

4.90.1-1ubuntu1.8

4.90.1-1ubuntu1.9

4.90.1-1ubuntu1.10

4.90.1-1ubuntu1.10+esm1

4.90.1-1ubuntu1.10+esm2

4.90.1-1ubuntu1.10+esm3

4.90.1-1ubuntu1.10+esm4

4.90.1-1ubuntu1.10+esm5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / libspf2

Package

Name: libspf2
Purl: pkg:deb/ubuntu/libspf2?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-7build2

1.2.10-7ubuntu0.18.04.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / exim4

Package

Name: exim4
Purl: pkg:deb/ubuntu/exim4?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.92.1-1ubuntu3

4.92.1-1ubuntu4

4.93~RC2-1ubuntu1

4.93-9ubuntu1

4.93-11ubuntu1

4.93-12ubuntu1

4.93-13ubuntu1

4.93-13ubuntu1.1

4.93-13ubuntu1.5

4.93-13ubuntu1.6

4.93-13ubuntu1.7

4.93-13ubuntu1.8

4.93-13ubuntu1.9

4.93-13ubuntu1.10

4.93-13ubuntu1.11

4.93-13ubuntu1.12

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / libspf2

Package

Name: libspf2
Purl: pkg:deb/ubuntu/libspf2?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-7build3

1.2.10-7build4

1.2.10-7+deb9u2build0.20.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / exim4

Package

Name: exim4
Purl: pkg:deb/ubuntu/exim4?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.94.2-7ubuntu2

4.95-2ubuntu2

4.95-4ubuntu1

4.95-4ubuntu2

4.95-4ubuntu2.1

4.95-4ubuntu2.2

4.95-4ubuntu2.3

4.95-4ubuntu2.4

4.95-4ubuntu2.5

4.95-4ubuntu2.6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / libspf2

Package

Name: libspf2
Purl: pkg:deb/ubuntu/libspf2?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-7.1

1.2.10-7.1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / exim4

Package

Name: exim4
Purl: pkg:deb/ubuntu/exim4?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.97-4ubuntu4

4.97-8ubuntu1

4.98-1ubuntu1

4.98-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / libspf2

Package

Name: libspf2
Purl: pkg:deb/ubuntu/libspf2?arch=src?distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-8.1ubuntu3

1.2.10-8.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / exim4

Package

Name: exim4
Purl: pkg:deb/ubuntu/exim4?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.96-17ubuntu2

4.96-17ubuntu2.1

4.97-3ubuntu1

4.97-4ubuntu1

4.97-4ubuntu3

4.97-4ubuntu4

4.97-4ubuntu4.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / libspf2

Package

Name: libspf2
Purl: pkg:deb/ubuntu/libspf2?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.2.10-7.2build1

1.2.10-8

1.2.10-8build1

1.2.10-8.1ubuntu2

1.2.10-8.1ubuntu3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}