Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17578.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-     adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is     not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros.
    When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an     integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in     the context of the service account. . Was ZDI-CAN-17578. (CVE-2023-42118)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0149 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2023-42118:
    Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-     adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is     not required to exploit this vulnerability.

    The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not     properly validate user-supplied data, which can result in an integer underflow before writing to memory.
    An attacker can leverage this vulnerability to execute code in the context of the service account.
    . Was ZDI-CAN-17578.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b317dd9220 advisory.

    Patch CVE-2023-42118, plus some other fixes.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7f01e967ad advisory.

    Patch CVE-2023-42118, plus some other fixes.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ae340c92ea advisory.

    Patch CVE-2023-42118, plus some other fixes.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 915855ad-283d-4597-b01e-e0bf611db78b advisory.

  - Trendmicro ZDI reports: Integer Underflow Remote Code Execution Vulnerability The specific flaw exists     within the parsing of SPF macros.         When parsing SPF macros, the process does not properly     validate user-supplied data, which can result in an integer         underflow before writing to memory. An     attacker can leverage         this vulnerability to execute code in the context of the         service     account. (CVE-2023-42118)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
248569	Linux Distros Unpatched Vulnerability : CVE-2023-42118	Nessus	Misc.	high
239527	TencentOS Server 4: libspf2 (TSSA-2025:0149)	Nessus	Tencent Local Security Checks	high
185270	Fedora 39 : libspf2 (2023-b317dd9220)	Nessus	Fedora Local Security Checks	high
182766	Fedora 38 : libspf2 (2023-7f01e967ad)	Nessus	Fedora Local Security Checks	high
182765	Fedora 37 : libspf2 (2023-ae340c92ea)	Nessus	Fedora Local Security Checks	high
182560	FreeBSD : libspf2 -- Integer Underflow Remote Code Execution (915855ad-283d-4597-b01e-e0bf611db78b)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2023-42118

high

Tenable Plugins

high

high

high

high

high

high