Mailing List Archive: [Bug 3032] libspf2 Integer Underflow Remote Code Execution CVE-2023-42118

[Bug 3032] libspf2 Integer Underflow Remote Code Execution CVE-2023-42118

exim-dev at lists

Oct 1, 2023, 3:39 AM

Post #1 of 2 (91 views)

https://bugs.exim.org/show_bug.cgi?id=3032

--- Comment #1 from Heiko Schlittermann <hs@schlittermann.de> ---
> https://www.zerodayinitiative.com/advisories/ZDI-23-1473/
right URL: https://www.zerodayinitiative.com/advisories/ZDI-23-1472/

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[Bug 3032] libspf2 Integer Underflow Remote Code Execution CVE-2023-42118 [ In reply to ]

exim-dev at lists

Oct 4, 2023, 12:54 AM

Post #2 of 2 (83 views)

https://bugs.exim.org/show_bug.cgi?id=3032

--- Comment #2 from Heiko Schlittermann <hs@schlittermann.de> ---
https://github.com/shevek/libspf2/pull/44 could be a fix, but still we're not
sure about the issue details.

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/