PT-2022-6995 · Exim+3 · Exim Libspf2+3
Published: 2022-06-06 · Updated: 2026-02-01
CVE-2023-42118
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Exim libspf2 (affected versions not specified)
Description
This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. The flaw exists within the parsing of SPF macros, where the process does not properly validate user-supplied data, resulting in an integer underflow before writing to memory. An attacker can leverage this to execute code in the context of the service account.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE · Integer Underflow · Integer Overflow
Affected Products
Astra Linux
Debian
Exim Libspf2
Red Os