Libspf
Products
2- 5 CVEs
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-33913 | Cri | 0.64 | 9.8 | 0.10 | Jan 19, 2022 | libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount… | ||
| CVE-2021-33912 | Cri | 0.64 | 9.8 | 0.10 | Jan 19, 2022 | libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in… | ||
| CVE-2021-20314 | Cri | 0.64 | 9.8 | 0.03 | Aug 12, 2021 | Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages. | ||
| CVE-2008-2469 | 0.05 | — | 0.22 | Oct 23, 2008 | Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field. | |||
| CVE-2023-42118 | 0.00 | — | 0.51 | May 3, 2024 | Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists… | |||
| CVE-2006-1520 | 0.00 | — | 0.03 | May 22, 2006 | Format string vulnerability in ANSI C Sender Policy Framework library (libspf) before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address. |
- risk 0.64cvss 9.8epss 0.10
libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount…
- risk 0.64cvss 9.8epss 0.10
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in…
- risk 0.64cvss 9.8epss 0.03
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
- CVE-2008-2469Oct 23, 2008risk 0.05cvss —epss 0.22
Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.
- CVE-2023-42118May 3, 2024risk 0.00cvss —epss 0.51
Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists…
- CVE-2006-1520May 22, 2006risk 0.00cvss —epss 0.03
Format string vulnerability in ANSI C Sender Policy Framework library (libspf) before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address.