CVE-2023-42118

EUVD-2023-46577

03.05.2024, 03:15

Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. 

The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account.
. Was ZDI-CAN-17578.

Wrap or Wraparound

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.8 HIGH	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
zdi	CNA	7.5 HIGH				CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 86%

Affected Products (NVD)

Vendor	Product	Version
libspf2_project	libspf2	-

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libspf2

bookworm	postponed
bullseye	postponed
bullseye (security)	vulnerable
buster	postponed
sid	vulnerable
trixie	vulnerable

Ubuntu Releases

Ubuntu Product

Codename

exim4

bionic	deferred
focal	deferred
jammy	deferred
lunar	ignored
mantic	ignored
noble	deferred
oracular	deferred
trusty	ignored
xenial	deferred

libspf2

bionic	deferred
focal	deferred
jammy	deferred
lunar	ignored
mantic	ignored
noble	deferred
oracular	deferred
trusty	ignored
xenial	deferred

Common Weakness Enumeration

CWE-191 - Integer Underflow (Wrap or Wraparound)
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1472/

http://www.openwall.com/lists/oss-security/2025/03/28/1

https://www.zerodayinitiative.com/advisories/ZDI-23-1472/