Bug 1194922 - (CVE-2021-33913) VUL-0: CVE-2021-33913: libspf2: heap-based buffer overflow in SPF_record_expand_data in spf_expand.c
Status: NEW
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.3
Hardware: Other Other
Priority: P3 - Medium
Severity: Minor
Assigned To: Security Team bot
Security Team bot
Reported: 2022-01-20 08:19 UTC by Thomas Leroy
Modified: 2022-01-28 15:44 UTC

Found By: Security Response Team


Description Thomas Leroy 2022-01-20 08:19:55 UTC

libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote
attackers to execute arbitrary code (via an unauthenticated e-mail message from
anywhere on the Internet) with a crafted SPF DNS record, because of
SPF_record_expand_data in spf_expand.c. The amount of overflowed data depends on
the relationship between the length of an entire domain name and the length of
its leftmost label. The vulnerable code may be part of the supply chain of a
site's e-mail infrastructure (e.g., with additional configuration, Exim can use
libspf2; the Postfix web site links to unofficial patches for use of libspf2
with Postfix; older versions of spfquery relied on libspf2) but most often is

Upstream commit:

Comment 1 Thomas Leroy 2022-01-20 08:20:09 UTC
The following should be affected:
- openSUSE:Factory                             1.2.10
- openSUSE:Backports:SLE-15-SP3:Update         1.2.10
- openSUSE:Backports:SLE-15-SP4                1.2.10
- openSUSE:Leap:15.3:Update                    1.2.10
- openSUSE:Leap:15.4                           1.2.10
Comment 2 Dirk Stoecker 2022-01-20 09:07:05 UTC