Lucene search
MitreCVELIST:CVE-2021-33912HistoryJan 19, 2022 - 12:00 a.m.
CVE-2021-33912
2022-01-1900:00:00
mitre
www.cve.org
5
cve-2021-33912
remote attackers
arbitrary code
spf dns record
supply chain
e-mail infrastructure
exim
postfix
spfquery
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site’s e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.
Related
nvd
nvd
CVE-2021-33912
2022-01-19 18:15:07
cve
cve
CVE-2021-33912
2022-01-19 18:15:07
veracode
veracode
Remote Code Execution (RCE)
2022-01-20 10:30:37
ubuntucve
ubuntucve
CVE-2021-33912
2022-01-19 00:00:00
alpinelinux
alpinelinux
CVE-2021-33912
2022-01-19 18:15:07
osv
osv
CVE-2021-33912
2022-01-19 18:15:07
libspf2 - security update
2022-01-21 00:00:00
libspf2 vulnerabilities
2024-01-15 17:17:57
prion
prion
Heap overflow
2022-01-19 18:15:00
debiancve
debiancve
CVE-2021-33912
2022-01-19 18:15:07
cnvd
cnvd
libspf2 buffer overflow vulnerability (CNVD-2022-19088)
2022-01-25 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2890-1)
2022-01-21 00:00:00
Ubuntu: Security Advisory (USN-6584-1)
2024-01-16 00:00:00
Ubuntu: Security Advisory (USN-6584-2)
2024-02-22 00:00:00
debian
debian
[SECURITY] [DLA 2890-1] libspf2 security update
2022-01-20 23:35:22
nessus
nessus
Debian DLA-2890-1 : libspf2 - LTS security update
2022-01-21 00:00:00
GLSA-202401-22 : libspf2: Multiple vulnerabilities
2024-01-15 00:00:00
ubuntu
ubuntu
Libspf2 vulnerabilities
2024-01-15 00:00:00
Libspf2 vulnerabilities
2024-02-21 00:00:00
gentoo
gentoo
libspf2: Multiple vulnerabilities
2024-01-15 00:00:00