FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libspf2 -- Integer Underflow Remote Code Execution

Affected packages
libspf2 <= 1.2.11

Details

VuXML ID 915855ad-283d-4597-b01e-e0bf611db78b
Discovery 2022-06-06
Entry 2023-10-04

Trend Micro ZDI reports:

Integer Underflow Remote Code Execution Vulnerability

The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account.

References

CVE Name CVE-2023-42118
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42118