FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libspf2 -- Integer Underflow Remote Code Execution

Affected packages
libspf2 <= 1.2.11


VuXML ID 915855ad-283d-4597-b01e-e0bf611db78b
Discovery 2022-06-06
Entry 2023-10-04

Trendmicro ZDI reports:

Integer Underflow Remote Code Execution Vulnerability

The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account.


CVE Name CVE-2023-42118