CVE-2021-20314
Description
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to denial of service and potentially code execution via maliciously crafted SPF explanation messages.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.169
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Sender Policy Framework for SMTP authorization (USN-6584-1) spfquery_1.2.10-7+deb9u2build0.20.04.1_amd64.deb | Linux |
| Sender Policy Framework for SMTP authorization (USN-6584-1) libspf2-2_1.2.10-7+deb9u2build0.20.04.1_amd64.deb | Linux |
| Sender Policy Framework for SMTP authorization (USN-6584-1) libspf2-dev_1.2.10-7+deb9u2build0.20.04.1_amd64.deb | Linux |
| Sender Policy Framework for SMTP authorization (USN-6584-1) libmail-spf-xs-perl_1.2.10-7+deb9u2build0.20.04.1_amd64.deb | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234