Vulnerabilities > Libspf2 Project

DATE CVE VULNERABILITY TITLE RISK
2022-01-19 CVE-2021-33912 Out-of-bounds Write vulnerability in multiple products
libspf2 before 1.2.11 has a four-byte heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of incorrect sprintf usage in SPF_record_expand_data in spf_expand.c.
network
low complexity
libspf2-project debian CWE-787
critical
9.8
2022-01-19 CVE-2021-33913 Out-of-bounds Write vulnerability in Libspf2 Project Libspf2
libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c.
network
low complexity
libspf2-project CWE-787
critical
9.8