Candidate: CVE-2021-20314
CRD: 2021-08-11
PublicDate: 2021-08-12 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20314
Description:
 Stack buffer overflow in libspf2 versions below 1.2.11 when processing
 certain SPF macros can lead to denial of service and potentially code
 execution via maliciously crafted SPF explanation messages.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by: Philipp Jeitner and Haya Shulman
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_libspf2:
 upstream: https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef
upstream_libspf2: released (1.2.11)
trusty_libspf2: ignored (out of standard support)
trusty/esm_libspf2: DNE
xenial_libspf2: ignored (out of standard support)
bionic_libspf2: needs-triage
focal_libspf2: needs-triage
hirsute_libspf2: ignored (reached end-of-life)
impish_libspf2: needs-triage
jammy_libspf2: needs-triage
devel_libspf2: needs-triage