CVE-2021-20314
published 2021-08-12CVE-2021-20314: Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libspf2 | < libspf2 1.2.10-7.1 (bookworm) | libspf2 1.2.10-7.1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| libspf2 | libspf2 | < 1.2.11 | 1.2.11 |
| libspf2 | libspf2 | — | — |
| libspf2 | libspf2 | >= 0 < 1.2.10-7.1~deb11u1 | 1.2.10-7.1~deb11u1 |
| libspf2 | libspf2 | >= 0 < 1.2.10-7.1 | 1.2.10-7.1 |
| libspf2 | libspf2 | >= 0 < 1.2.10-7.1 | 1.2.10-7.1 |
| libspf2 | libspf2 | >= 0 < 1.2.10-7.1 | 1.2.10-7.1 |
| libspf2 | libspf2 | >= 0 < 1.2.10-7+deb9u2build0.20.04.1 | 1.2.10-7+deb9u2build0.20.04.1 |
| libspf2 | libspf2 | >= 0 < 1.2.10-6ubuntu0.1~esm2 | 1.2.10-6ubuntu0.1~esm2 |
| libspf2 | libspf2 | >= 0 < 1.2.10-6ubuntu0.1~esm1 | 1.2.10-6ubuntu0.1~esm1 |
| libspf2 | libspf2 | >= 0 < 1.2.10-7ubuntu0.18.04.1~esm1 | 1.2.10-7ubuntu0.18.04.1~esm1 |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv9.8CRITICAL
OSV
libspf2 vulnerabilities
osv·2024-02-21·CVSS 9.8
CVE-2021-33912 [CRITICAL] libspf2 vulnerabilities
libspf2 vulnerabilities
USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. This update provides the corresponding updates for
CVE-2021-33912 and CVE-2021-33913 in Ubuntu 16.04 LTS.
We apologize for the inconvenience.
Original advisory details:
Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2021-20314)
It was discovered that Libspf2 incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to cause
OSV
libspf2 vulnerabilities
osv·2024-01-15·CVSS 9.8
CVE-2021-20314 [CRITICAL] libspf2 vulnerabilities
libspf2 vulnerabilities
Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2021-20314)
It was discovered that Libspf2 incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-33912, CVE-2021-33913)
GHSA
GHSA-7mf9-xf4j-h63m: Stack buffer overflow in libspf2 versions below 1
ghsa_unreviewed·2022-05-24
CVE-2021-20314 [CRITICAL] CWE-787 GHSA-7mf9-xf4j-h63m: Stack buffer overflow in libspf2 versions below 1
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
OSV
CVE-2021-20314: Stack buffer overflow in libspf2 versions below 1
osv·2021-08-12·CVSS 9.8
CVE-2021-20314 [CRITICAL] CVE-2021-20314: Stack buffer overflow in libspf2 versions below 1
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
Ubuntu
Libspf2 vulnerabilities
vendor_ubuntu·2024-02-21·CVSS 9.8
CVE-2021-33913 [CRITICAL] Libspf2 vulnerabilities
Title: Libspf2 vulnerabilities
Summary: Several security issues were fixed in Libspf2.
USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. This update provides the corresponding updates for
CVE-2021-33912 and CVE-2021-33913 in Ubuntu 16.04 LTS.
We apologize for the inconvenience.
Original advisory details:
Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2021-20314)
It was discovered that Libspf2 incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted inpu
Ubuntu
Libspf2 vulnerabilities
vendor_ubuntu·2024-01-15·CVSS 9.8
CVE-2021-33912 [CRITICAL] Libspf2 vulnerabilities
Title: Libspf2 vulnerabilities
Summary: Several security issues were fixed in Libspf2.
Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. (CVE-2021-20314)
It was discovered that Libspf2 incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to cause a denial of service or
execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2021-33912, CVE-2021-33913)
Instructions: In general, a standard system u
Debian
CVE-2021-20314: libspf2 - Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain S...
vendor_debian·2021·CVSS 9.8
CVE-2021-20314 [CRITICAL] CVE-2021-20314: libspf2 - Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain S...
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
Scope: local
bookworm: resolved (fixed in 1.2.10-7.1)
bullseye: resolved (fixed in 1.2.10-7.1~deb11u1)
forky: resolved (fixed in 1.2.10-7.1)
sid: resolved (fixed in 1.2.10-7.1)
trixie: resolved (fixed in 1.2.10-7.1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.redhat.com/show_bug.cgi?id=1993070https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMSFT2NJDZ7PATRZSQPAOGSE7JD6ELOB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJRHPE5OSCPTNA3ZZ4ORDHT4JQH3Y4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y6T4HYXXSUQCGJB2ES6X7Q74YYF7V7XU/https://security.gentoo.org/glsa/202401-22https://bugzilla.redhat.com/show_bug.cgi?id=1993070https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMSFT2NJDZ7PATRZSQPAOGSE7JD6ELOB/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJRHPE5OSCPTNA3ZZ4ORDHT4JQH3Y4/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y6T4HYXXSUQCGJB2ES6X7Q74YYF7V7XU/https://security.gentoo.org/glsa/202401-22
2021-08-12
Published