CVE-2021-33912 - OpenCVE

libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Libspf2 Project	Libspf2

Configuration 1 [-]

cpe:2.3:a:libspf2_project:libspf2:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b
https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html
https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure
https://security.gentoo.org/glsa/202401-22

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-01-19T00:00:00

Updated: 2024-08-04T00:05:52.118Z

Reserved: 2021-06-07T00:00:00

Link: CVE-2021-33912

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-01-19T18:15:07.783

Modified: 2024-01-15T17:15:08.160

Link: CVE-2021-33912

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-33912", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-04T00:05:52.118Z", "dateReserved": "2021-06-07T00:00:00", "datePublished": "2022-01-19T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-01-15T17:06:19.307442"}, "descriptions": [{"lang": "en", "value": "libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b"}, {"url": "https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure"}, {"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2890-1] libspf2 security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html"}, {"name": "GLSA-202401-22", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202401-22"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:05:52.118Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b", "tags": ["x_transferred"]}, {"url": "https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20220121 [SECURITY] [DLA 2890-1] libspf2 security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html"}, {"name": "GLSA-202401-22", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202401-22"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libspf2_project:libspf2:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9926529-9106-4A0B-85FA-F1E286816711", "versionEndExcluding": "1.2.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not."}, {"lang": "es", "value": "libspf2 versiones anteriores a 1.2.11, presenta un desbordamiento de b\u00fafer de cuatro bytes en la regi\u00f3n heap de la memoria que podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario (por medio de un mensaje de correo electr\u00f3nico no autenticado desde cualquier lugar de Internet) con un registro DNS SPF dise\u00f1ado, debido al uso incorrecto de sprintf en el archivo SPF_record_expand_data en spf_expand.c. El c\u00f3digo vulnerable puede ser parte de la cadena de suministro de la infraestructura de correo electr\u00f3nico de un sitio (por ejemplo, con una configuraci\u00f3n adicional, Exim puede usar libspf2; el sitio web de Postfix enlaza con parches no oficiales para el uso de libspf2 con Postfix; las versiones m\u00e1s antiguas de spfquery depend\u00edan de libspf2), pero lo m\u00e1s frecuente es que no lo sea"}], "id": "CVE-2021-33912", "lastModified": "2024-01-15T17:15:08.160", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-19T18:15:07.783", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/shevek/libspf2/tree/8131fe140704eaae695e76b5cd09e39bd1dd220b"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00015.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://nathanielbennett.com/blog/libspf2-cve-jan-2022-disclosure"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202401-22"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}