CVE-2021-20314

CRITICAL9.8EPSS 0.17%

libspf2 - security update

Published: 8/12/2021Modified: 4/28/2026

Description

Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code execution via malicious crafted SPF explanation messages.

Affected packages (4)

Alpine/libspf2from 0, < 1.2.10-r5
Debian/libspf2from 0, < 1.2.10-7.1~deb11u1
Debian/libspf2from 0, < 1.2.10-7+deb9u1
Debian/libspf2from 0, < 1.2.10-7.1~deb10u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2021-20314
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2021-20314