CVE-2021-33913

Name of the Vulnerable Software and Affected Versions libspf2 versions prior to 1.2.11

Description The issue is a heap-based buffer overflow that might allow remote attackers to execute arbitrary code via an unauthenticated e-mail message from anywhere on the Internet with a crafted SPF DNS record. This occurs because of SPF record expand data in spf expand.c. The amount of overflowed data depends on the relationship between the length of an entire domain name and the length of its leftmost label. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure, but most often it is not.

Recommendations For versions prior to 1.2.11, update to version 1.2.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of libspf2 in e-mail infrastructure configurations until a patch is applied. Avoid using crafted SPF DNS records in affected systems until the issue is resolved.