Vulnerability Description
Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libspf2 | Libspf2 | < 1.2.11 |
| Redhat | Enterprise Linux | 7.0 |
| Fedoraproject | Fedora | 33 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1993070Issue TrackingPatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202401-22
- https://bugzilla.redhat.com/show_bug.cgi?id=1993070Issue TrackingPatchThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://security.gentoo.org/glsa/202401-22
FAQ
What is CVE-2021-20314?
CVE-2021-20314 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.
How severe is CVE-2021-20314?
CVE-2021-20314 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-20314?
Check the references section above for vendor advisories and patch information. Affected products include: Libspf2 Libspf2, Redhat Enterprise Linux, Fedoraproject Fedora.