Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. Formerly tracked as ZDI-CAN-17578.
{
"binaries": [
{
"binary_version": "4.93-13ubuntu1.12",
"binary_name": "exim4"
},
{
"binary_version": "4.93-13ubuntu1.12",
"binary_name": "exim4-base"
},
{
"binary_version": "4.93-13ubuntu1.12",
"binary_name": "exim4-config"
},
{
"binary_version": "4.93-13ubuntu1.12",
"binary_name": "exim4-daemon-heavy"
},
{
"binary_version": "4.93-13ubuntu1.12",
"binary_name": "exim4-daemon-light"
},
{
"binary_version": "4.93-13ubuntu1.12",
"binary_name": "exim4-dev"
},
{
"binary_version": "4.93-13ubuntu1.12",
"binary_name": "eximon4"
}
]
}{
"binaries": [
{
"binary_version": "1.2.10-7+deb9u2build0.20.04.1",
"binary_name": "libmail-spf-xs-perl"
},
{
"binary_version": "1.2.10-7+deb9u2build0.20.04.1",
"binary_name": "libspf2-2"
},
{
"binary_version": "1.2.10-7+deb9u2build0.20.04.1",
"binary_name": "libspf2-dev"
},
{
"binary_version": "1.2.10-7+deb9u2build0.20.04.1",
"binary_name": "spfquery"
}
]
}{
"binaries": [
{
"binary_version": "4.95-4ubuntu2.6",
"binary_name": "exim4"
},
{
"binary_version": "4.95-4ubuntu2.6",
"binary_name": "exim4-base"
},
{
"binary_version": "4.95-4ubuntu2.6",
"binary_name": "exim4-config"
},
{
"binary_version": "4.95-4ubuntu2.6",
"binary_name": "exim4-daemon-heavy"
},
{
"binary_version": "4.95-4ubuntu2.6",
"binary_name": "exim4-daemon-light"
},
{
"binary_version": "4.95-4ubuntu2.6",
"binary_name": "exim4-dev"
},
{
"binary_version": "4.95-4ubuntu2.6",
"binary_name": "eximon4"
}
]
}{
"binaries": [
{
"binary_version": "1.2.10-7.1ubuntu1",
"binary_name": "libmail-spf-xs-perl"
},
{
"binary_version": "1.2.10-7.1ubuntu1",
"binary_name": "libspf2-2"
},
{
"binary_version": "1.2.10-7.1ubuntu1",
"binary_name": "libspf2-dev"
},
{
"binary_version": "1.2.10-7.1ubuntu1",
"binary_name": "spfquery"
}
]
}{
"binaries": [
{
"binary_version": "4.97-4ubuntu4.3",
"binary_name": "exim4"
},
{
"binary_version": "4.97-4ubuntu4.3",
"binary_name": "exim4-base"
},
{
"binary_version": "4.97-4ubuntu4.3",
"binary_name": "exim4-config"
},
{
"binary_version": "4.97-4ubuntu4.3",
"binary_name": "exim4-daemon-heavy"
},
{
"binary_version": "4.97-4ubuntu4.3",
"binary_name": "exim4-daemon-light"
},
{
"binary_version": "4.97-4ubuntu4.3",
"binary_name": "exim4-dev"
},
{
"binary_version": "4.97-4ubuntu4.3",
"binary_name": "eximon4"
}
]
}{
"binaries": [
{
"binary_version": "1.2.10-8.1ubuntu3",
"binary_name": "libmail-spf-xs-perl"
},
{
"binary_version": "1.2.10-8.1ubuntu3",
"binary_name": "libspf2-2t64"
},
{
"binary_version": "1.2.10-8.1ubuntu3",
"binary_name": "libspf2-dev"
},
{
"binary_version": "1.2.10-8.1ubuntu3",
"binary_name": "spfquery"
}
]
}{
"binaries": [
{
"binary_version": "4.98.2-1ubuntu2",
"binary_name": "exim4"
},
{
"binary_version": "4.98.2-1ubuntu2",
"binary_name": "exim4-base"
},
{
"binary_version": "4.98.2-1ubuntu2",
"binary_name": "exim4-config"
},
{
"binary_version": "4.98.2-1ubuntu2",
"binary_name": "exim4-daemon-heavy"
},
{
"binary_version": "4.98.2-1ubuntu2",
"binary_name": "exim4-daemon-light"
},
{
"binary_version": "4.98.2-1ubuntu2",
"binary_name": "exim4-dev"
},
{
"binary_version": "4.98.2-1ubuntu2",
"binary_name": "eximon4"
}
]
}{
"binaries": [
{
"binary_version": "1.2.10-8.3",
"binary_name": "libmail-spf-xs-perl"
},
{
"binary_version": "1.2.10-8.3",
"binary_name": "libspf2-2t64"
},
{
"binary_version": "1.2.10-8.3",
"binary_name": "libspf2-dev"
},
{
"binary_version": "1.2.10-8.3",
"binary_name": "spfquery"
}
]
}{
"binaries": [
{
"binary_version": "4.82-3ubuntu2.4+esm8",
"binary_name": "exim4"
},
{
"binary_version": "4.82-3ubuntu2.4+esm8",
"binary_name": "exim4-base"
},
{
"binary_version": "4.82-3ubuntu2.4+esm8",
"binary_name": "exim4-config"
},
{
"binary_version": "4.82-3ubuntu2.4+esm8",
"binary_name": "exim4-daemon-heavy"
},
{
"binary_version": "4.82-3ubuntu2.4+esm8",
"binary_name": "exim4-daemon-light"
},
{
"binary_version": "4.82-3ubuntu2.4+esm8",
"binary_name": "exim4-dev"
},
{
"binary_version": "4.82-3ubuntu2.4+esm8",
"binary_name": "eximon4"
}
]
}{
"binaries": [
{
"binary_version": "4.86.2-2ubuntu2.6+esm8",
"binary_name": "exim4"
},
{
"binary_version": "4.86.2-2ubuntu2.6+esm8",
"binary_name": "exim4-base"
},
{
"binary_version": "4.86.2-2ubuntu2.6+esm8",
"binary_name": "exim4-config"
},
{
"binary_version": "4.86.2-2ubuntu2.6+esm8",
"binary_name": "exim4-daemon-heavy"
},
{
"binary_version": "4.86.2-2ubuntu2.6+esm8",
"binary_name": "exim4-daemon-light"
},
{
"binary_version": "4.86.2-2ubuntu2.6+esm8",
"binary_name": "exim4-dev"
},
{
"binary_version": "4.86.2-2ubuntu2.6+esm8",
"binary_name": "eximon4"
}
]
}{
"binaries": [
{
"binary_version": "1.2.10-6ubuntu0.1~esm2",
"binary_name": "libmail-spf-xs-perl"
},
{
"binary_version": "1.2.10-6ubuntu0.1~esm2",
"binary_name": "libspf2-2"
},
{
"binary_version": "1.2.10-6ubuntu0.1~esm2",
"binary_name": "libspf2-dev"
},
{
"binary_version": "1.2.10-6ubuntu0.1~esm2",
"binary_name": "spfquery"
}
]
}{
"binaries": [
{
"binary_version": "4.90.1-1ubuntu1.10+esm5",
"binary_name": "exim4"
},
{
"binary_version": "4.90.1-1ubuntu1.10+esm5",
"binary_name": "exim4-base"
},
{
"binary_version": "4.90.1-1ubuntu1.10+esm5",
"binary_name": "exim4-config"
},
{
"binary_version": "4.90.1-1ubuntu1.10+esm5",
"binary_name": "exim4-daemon-heavy"
},
{
"binary_version": "4.90.1-1ubuntu1.10+esm5",
"binary_name": "exim4-daemon-light"
},
{
"binary_version": "4.90.1-1ubuntu1.10+esm5",
"binary_name": "exim4-dev"
},
{
"binary_version": "4.90.1-1ubuntu1.10+esm5",
"binary_name": "eximon4"
}
]
}{
"binaries": [
{
"binary_version": "1.2.10-7ubuntu0.18.04.1~esm1",
"binary_name": "libmail-spf-xs-perl"
},
{
"binary_version": "1.2.10-7ubuntu0.18.04.1~esm1",
"binary_name": "libspf2-2"
},
{
"binary_version": "1.2.10-7ubuntu0.18.04.1~esm1",
"binary_name": "libspf2-dev"
},
{
"binary_version": "1.2.10-7ubuntu0.18.04.1~esm1",
"binary_name": "spfquery"
}
]
}