Libspf2 Project Libspf2 vulnerabilities
2 known vulnerabilities affecting libspf2_project/libspf2.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2021-33913CRITICALCVSS 9.8fixed in 1.2.112022-01-19
CVE-2021-33913 [CRITICAL] CWE-787 CVE-2021-33913: libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute
libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount of overflowed data depends on the relationship between the length of an
nvd
CVE-2021-33912CRITICALCVSS 9.8fixed in 1.2.112022-01-19
CVE-2021-33912 [CRITICAL] CWE-787 CVE-2021-33912: libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers t
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply
nvd