Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2021-33913
HistoryJan 19, 2022 - 6:15 p.m.

CVE-2021-33913

2022-01-1918:15:07
Alpine Linux Development Team
security.alpinelinux.org
23
libspf2
buffer overflow
remote attackers
arbitrary code
dns record
e-mail
internet
supply chain
exim
postfix
spfquery
unix

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.023

Percentile

89.9%

JSON

libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount of overflowed data depends on the relationship between the length of an entire domain name and the length of its leftmost label. The vulnerable code may be part of the supply chain of a site’s e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.

Related

veracode 2
prion 1
nvd 1
cvelist 1
cnvd 1
debiancve 1
osv 4
cve 1
ubuntucve 1
debian 1
openvas 3
nessus 4
ubuntu 2
gentoo 1
veracode
veracode
Remote Code Execution (RCE)
2022-01-20 06:14:24
Remote Code Execution (RCE)
2022-01-20 05:38:57
prion
prion
Heap overflow
2022-01-19 18:15:00
nvd
nvd
CVE-2021-33913
2022-01-19 18:15:07
cvelist
cvelist
CVE-2021-33913
2022-01-19 00:00:00
cnvd
cnvd
libspf2 buffer overflow vulnerability (CNVD-2022-19089)
2022-01-25 00:00:00
debiancve
debiancve
CVE-2021-33913
2022-01-19 18:15:07
osv
osv
CVE-2021-33913
2022-01-19 18:15:07
libspf2 - security update
2022-01-21 00:00:00
libspf2 vulnerabilities
2024-02-21 10:40:23
cve
cve
CVE-2021-33913
2022-01-19 18:15:07
ubuntucve
ubuntucve
CVE-2021-33913
2022-01-19 00:00:00
debian
debian
[SECURITY] [DLA 2890-1] libspf2 security update
2022-01-20 23:35:22
openvas
openvas
Debian: Security Advisory (DLA-2890-1)
2022-01-21 00:00:00
Ubuntu: Security Advisory (USN-6584-1)
2024-01-16 00:00:00
Ubuntu: Security Advisory (USN-6584-2)
2024-02-22 00:00:00
nessus
nessus
Debian DLA-2890-1 : libspf2 - LTS security update
2022-01-21 00:00:00
Ubuntu 16.04 LTS : Libspf2 vulnerabilities (USN-6584-2)
2024-02-21 00:00:00
GLSA-202401-22 : libspf2: Multiple vulnerabilities
2024-01-15 00:00:00
ubuntu
ubuntu
Libspf2 vulnerabilities
2024-01-15 00:00:00
Libspf2 vulnerabilities
2024-02-21 00:00:00
gentoo
gentoo
libspf2: Multiple vulnerabilities
2024-01-15 00:00:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.023

Percentile

89.9%

JSON
Related for ALPINE:CVE-2021-33913
veracode2prion1nvd1cvelist1cnvd1debiancve1osv4cve1ubuntucve1debian1openvas3nessus4ubuntu2gentoo1