Lucene search

[email protected]NVD:CVE-2021-20314

HistoryAug 12, 2021 - 3:15 p.m.

CVE-2021-20314

2021-08-1215:15:07

CWE-787

[email protected]

web.nvd.nist.gov

buffer overflow

libspf2

dos

code execution

spf macros

crafted messages

cve-2021-20314

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

70.8%

JSON

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.

Affected configurations

Nvd

Node

libspf2libspf2Range<1.2.11

Node

redhatenterprise_linuxMatch7.0

Node

fedoraprojectfedoraMatch33

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

VendorProductVersionCPE
libspf2libspf2*cpe:2.3:a:libspf2:libspf2:*:*:*:*:*:*:*:*
redhatenterprise_linux7.0cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
fedoraprojectfedora33cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
fedoraprojectfedora34cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
libspf2	libspf2	*	cpe:2.3:a:libspf2:libspf2::::::::
redhat	enterprise_linux	7.0	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
fedoraproject	fedora	33	cpe:2.3:o:fedoraproject:fedora:33:::::::*
fedoraproject	fedora	34	cpe:2.3:o:fedoraproject:fedora:34:::::::*
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*