CVE-2021-20314

CVE-2021-20314

Name

CVE-2021-20314

Description

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://bugzilla.redhat.com/show_bug.cgi?id=1993070
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMSFT2NJDZ7PATRZSQPAOGSE7JD6ELOB/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFXJRHPE5OSCPTNA3ZZ4ORDHT4JQH3Y4/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y6T4HYXXSUQCGJB2ES6X7Q74YYF7V7XU/
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMSFT2NJDZ7PATRZSQPAOGSE7JD6ELOB/
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJRHPE5OSCPTNA3ZZ4ORDHT4JQH3Y4/
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y6T4HYXXSUQCGJB2ES6X7Q74YYF7V7XU/
secalert@redhat.com	https://security.gentoo.org/glsa/202401-22

Type

URI

MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1993070

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMSFT2NJDZ7PATRZSQPAOGSE7JD6ELOB/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GFXJRHPE5OSCPTNA3ZZ4ORDHT4JQH3Y4/

FEDORA

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y6T4HYXXSUQCGJB2ES6X7Q74YYF7V7XU/

secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMSFT2NJDZ7PATRZSQPAOGSE7JD6ELOB/

secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJRHPE5OSCPTNA3ZZ4ORDHT4JQH3Y4/

secalert@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y6T4HYXXSUQCGJB2ES6X7Q74YYF7V7XU/

secalert@redhat.com

https://security.gentoo.org/glsa/202401-22

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:libspf2:libspf2::::::::`	libspf2	>= None	< 1.2.11

CPE URI

Source package

Min version

Max version

cpe:2.3:a:libspf2:libspf2:*:*:*:*:*:*:*:*

libspf2

>= None

< 1.2.11

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libspf2	3.13-main	1.2.10-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
libspf2	3.12-main	1.2.10-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
libspf2	3.11-main	1.2.10-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
libspf2	edge-main	1.2.11-r4	Natanael Copa <ncopa@alpinelinux.org>	fixed
libspf2	3.21-main	1.2.11-r4	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

libspf2

3.13-main

1.2.10-r5

Natanael Copa <ncopa@alpinelinux.org>

fixed

libspf2

3.12-main