CVE-2023-42118— Exim libspf2 Integer Underflow Remote Code Execution Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-42118
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Exim libspf2 Integer Underflow Remote Code Execution Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17578.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
整数下溢(超界折返)
Source: NVD (National Vulnerability Database)
Vulnerability Title
libspf2 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
libspf2是一个库,它允许电子邮件系统(例如 Sendmail、Postfix、Exim、Zmailer 和 MS Exchange)检查SPF 记录并确保电子邮件得到了来自它的域名的授权。这可以防止垃圾邮件发送者、诈骗者和电子邮件病毒/蠕虫常用的电子邮件伪造。 libspf2存在安全漏洞。攻击者利用该漏洞可以执行任意代码。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2023-42118
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-42118
请登录查看更多情报信息。
Same Patch Batch · Exim · 2024-05-03 · 6 CVEs total
| CVE-2023-42114 | Exim NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability | |
| CVE-2023-42119 | Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability | |
| CVE-2023-42116 | Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability | |
| CVE-2023-42117 | Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability | |
| CVE-2023-42115 | Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability |
IV. Related Vulnerabilities
Same product: libspf2
Same weakness: CWE-191
- CVE-2026-7736
osrg GoBGP mrt.go parseRibEntry integer underflow - CVE-2026-33845
Gnutls: gnutls: denial of service via dtls zero-length fragm - CVE-2026-7424
Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Pl - CVE-2026-7423
Integer Underflow in ICMP Echo Reply Processing in FreeRTOS- - CVE-2026-6914
MD5 checksum creation may cause availability loss
V. Comments for CVE-2023-42118
No comments yet