CVE-2021-20314

Published: 12/08/2021 Updated: 15/01/2024
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A stack buffer overflow in libspf2 versions below 1.2.11, triggered when processing certain SPF macros, can lead to denial of service and potentially code execution via maliciously crafted SPF explanation messages.

Vulnerable Product

libspf2 libspf2

redhat enterprise linux 7.0

fedoraproject fedora 33

fedoraproject fedora 34

fedoraproject fedora 35

Vendor Advisories

Philipp Jeitner and Haya Shulman discovered a stack-based buffer overflow in libspf2, a library for validating mail senders with SPF, which could result in denial of service, or potentially execution of arbitrary code when processing a specially crafted SPF record. For the stable distribution (buster), this problem has been fixed in version 1210- ...
A stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to denial of service and potentially code execution via maliciously crafted SPF explanation messages ...

Mailing Lists

oss-sec mailing list archives
CVE-2021-20314: Remote stack buffer overflow in libspf2
From: "Philipp ...