[Git][security-tracker-team/security-tracker][master] Add additional note for libspf2 as this is a recurring question

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Dec 6 07:58:04 GMT 2023 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c9018796 by Salvatore Bonaccorso at 2023-12-06T08:56:15+01:00
Add additional note for libspf2 as this is a recurring question

The whole exim4 turnus on those issues was quite hyped and the unclear
situation around libspf2 worried a lot of poeple. Try to clarify the
position with a note mentioning that it's unclear if the CVE is the same
as the independly found integer overflow and, secondly, that it's not
even clear if the additional integer overflow is exploitable.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11514,6 +11514,10 @@ CVE-2023-42118 [Exim libspf2 Integer Underflow Remote Code Execution Vulnerabili
 	NOTE: https://lists.exim.org/lurker/message/20231004.080103.8c98192c.en.html
 	NOTE: Potentially same issue as: https://github.com/shevek/libspf2/issues/45
 	NOTE: https://github.com/shevek/libspf2/pull/44
+	NOTE: The potentially related (but unknown if exploitable) integer overflow flaw from pull/44
+	NOTE: is fixed with libspf2/1.2.10-8. There have been 1. no proofs it is exploitable, and the
+	NOTE: finder clarifies as "ut I haven't been able to get it to do anything after that because
+	NOTE: another buffer fills up." and 2. that this is the same issue as CVE-2023-42118 .
 CVE-2023-42117 [Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability]
 	- exim4 4.97~RC2-2
 	[bookworm] - exim4 <no-dsa> (Only an issue if Exim4 run behind an untrusted proxy-protocol proxy)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9018796824871a5e1acda05dcd0214ed0071f80

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c9018796824871a5e1acda05dcd0214ed0071f80
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231206/b77a369b/attachment.htm>

More information about the debian-security-tracker-commits mailing list