{"vulnerability": "CVE-2021-33913", "sightings": [{"uuid": "e567f2dc-aabc-4e35-9106-a49e878495b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33913", "type": "seen", "source": "https://t.me/arpsyndicate/3949", "content": "#ExploitObserverAlert\n\nPSS-177228\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to PSS-177228. Ubuntu Security Notice USN-6584-2. Ubuntu Security Notice 6584-2 - USN-6584-1 fixed several vulnerabilities in Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This update provides the corresponding updates for CVE-2021-33912 andCVE-2021-33913 in Ubuntu 16.04 LTS. Philipp Jeitner and Haya Shulman discovered that Libspf2 incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service or execute arbitrary code.", "creation_timestamp": "2024-02-22T09:47:50.000000Z"}, {"uuid": "746d88b1-3a32-4764-bd0b-952ef05de494", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33913", "type": "seen", "source": "https://t.me/cibsecurity/35880", "content": "\u203c CVE-2021-33913 \u203c\n\nlibspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount of overflowed data depends on the relationship between the length of an entire domain name and the length of its leftmost label. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-19T20:26:10.000000Z"}]}