libspf2 Project libspf2 1.2.1

CPE Details

libspf2 Project libspf2 1.2.1
libspf2_project
libspf2
1.2.1
2022-01-25
16h12 +00:00
2022-01-28
20h29 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:libspf2_project:libspf2:1.2.1:*:*:*:*:*:*:*

Informations

Vendor

libspf2_project

Product

libspf2

Version

1.2.1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-33912 2022-01-18 23h00 +00:00 libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.
9.8
Critical
CVE-2021-33913 2022-01-18 23h00 +00:00 libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount of overflowed data depends on the relationship between the length of an entire domain name and the length of its leftmost label. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.
9.8
Critical