CVE-2021-20314

EPSS 0.17%
Published 12.08.2021 15:15:07
Last modified 21.11.2024 05:46:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Libspf2 ≫ Libspf2 Version < 1.2.11

Redhat ≫ Enterprise Linux Version7.0

Fedoraproject ≫ Fedora Version33

Fedoraproject ≫ Fedora Version34

Fedoraproject ≫ Fedora Version35

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.387

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://bugzilla.redhat.com/show_bug.cgi?id=1993070

Patch

Third Party Advisory

Issue Tracking

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CMSFT2NJDZ7PATRZSQPAOGSE7JD6ELOB/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GFXJRHPE5OSCPTNA3ZZ4ORDHT4JQH3Y4/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y6T4HYXXSUQCGJB2ES6X7Q74YYF7V7XU/

https://security.gentoo.org/glsa/202401-22

https://nvd.nist.gov/vuln/detail/CVE-2021-20314

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-20314

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-20314

EUVD