Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2021-33912
HistoryJan 19, 2022 - 6:15 p.m.

CVE-2021-33912

2022-01-1918:15:07
Alpine Linux Development Team
security.alpinelinux.org
22
libspf2 buffer overflow
remote code execution
spf dns record
incorrect sprintf usage
email infrastructure
supply chain risk
unix

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.05

Percentile

93.0%

JSON

libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site’s e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.

Related

cve 1
nvd 1
veracode 1
ubuntucve 1
cvelist 1
cnvd 1
osv 4
prion 1
debiancve 1
openvas 3
debian 1
nessus 4
gentoo 1
ubuntu 2
cve
cve
CVE-2021-33912
2022-01-19 18:15:07
nvd
nvd
CVE-2021-33912
2022-01-19 18:15:07
veracode
veracode
Remote Code Execution (RCE)
2022-01-20 10:30:37
ubuntucve
ubuntucve
CVE-2021-33912
2022-01-19 00:00:00
cvelist
cvelist
CVE-2021-33912
2022-01-19 00:00:00
cnvd
cnvd
libspf2 buffer overflow vulnerability (CNVD-2022-19088)
2022-01-25 00:00:00
osv
osv
CVE-2021-33912
2022-01-19 18:15:07
libspf2 - security update
2022-01-21 00:00:00
libspf2 vulnerabilities
2024-01-15 17:17:57
prion
prion
Heap overflow
2022-01-19 18:15:00
debiancve
debiancve
CVE-2021-33912
2022-01-19 18:15:07
openvas
openvas
Debian: Security Advisory (DLA-2890-1)
2022-01-21 00:00:00
Ubuntu: Security Advisory (USN-6584-1)
2024-01-16 00:00:00
Ubuntu: Security Advisory (USN-6584-2)
2024-02-22 00:00:00
debian
debian
[SECURITY] [DLA 2890-1] libspf2 security update
2022-01-20 23:35:22
nessus
nessus
Debian DLA-2890-1 : libspf2 - LTS security update
2022-01-21 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS : Libspf2 vulnerabilities (USN-6584-1)
2024-01-15 00:00:00
GLSA-202401-22 : libspf2: Multiple vulnerabilities
2024-01-15 00:00:00
gentoo
gentoo
libspf2: Multiple vulnerabilities
2024-01-15 00:00:00
ubuntu
ubuntu
Libspf2 vulnerabilities
2024-01-15 00:00:00
Libspf2 vulnerabilities
2024-02-21 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.05

Percentile

93.0%

JSON
Related for ALPINE:CVE-2021-33912
cve1nvd1veracode1ubuntucve1cvelist1cnvd1osv4prion1debiancve1openvas3debian1nessus4gentoo1ubuntu2