CVE-2021-20314: Out-of-bounds Write in Libspf2

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.2% (top 61.89%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 12
Latest update: Feb 21

Description

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to denial of service and potentially code execution via maliciously crafted SPF explanation messages.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (5 packages)

Source | Package | Affected versions
debian | debian/libspf2 | < libspf2 1.2.10-7.1 (bookworm)
NVD | libspf2/libspf2 | < 1.2.11
Debian | libspf2/libspf2 | < 1.2.10-7.1~deb11u1 (+3)
Ubuntu | libspf2/libspf2 | < 1.2.10-7+deb9u2build0.20.04.1 (+3)
CVEListV5 | libspf2/libspf2 | 1.2.11

Also affects: Fedora 33, 34, 35, Enterprise Linux 7.0

Patches

Vulnerability Details (4)

OSV: libspf2 vulnerabilities (2024-02-21)
OSV: libspf2 vulnerabilities (2024-01-15)
GHSA: GHSA-7mf9-xf4j-h63m: Stack buffer overflow in libspf2 versions below 1 (2022-05-24)
OSV: CVE-2021-20314: Stack buffer overflow in libspf2 versions below 1 (2021-08-12)

Vendor Advisories (3)

Ubuntu: Libspf2 vulnerabilities (2024-02-21)
Ubuntu: Libspf2 vulnerabilities (2024-01-15)
Debian: CVE-2021-20314: libspf2 - Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain S... (2021)