oss-sec mailing list archives
Re: CVE-2021-20314: Remote stack buffer overflow in libspf2
From: Sam James <sam () cmpct info>
Date: Thu, 12 Aug 2021 00:18:46 +0100
On 11 Aug 2021, at 15:41, Philipp Jeitner (SIT) <philipp.jeitner () sit fraunhofer de> wrote:

> #### Description
>
> Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via maliciously crafted SPF explanation messages.
>
> CVE-2021-20314 has been assigned to this issue.
>
> [...]
>
> #### Patch
>
> The issue has been fixed in github commit c37b7c1: https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef
>
> An updated version of libspf2 (1.2.11) which also fixes other security related issues is available from github (https://github.com/shevek/libspf2). The libspf2 website (https://www.libspf2.org/download.html) and latest release there is NOT UPDATED YET.

I don't see this as either a tag or a release on the GitHub repository. Possibly the maintainer forgot to run git push --tags?

Thanks for your work on this issue.

best,
sam