Public on 2023-09-29
Modified on 2023-10-16
An integer underflow flaw was discovered in libspf2 library which exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. This vulnerability allows network-adjacent unprivileged attackers to execute code in the context of the service account.
Important severity
CVSS v3 Base Score
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 exim Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H