Is CVE-2023-42118 actively exploited?

CVE-2023-42118 has no public evidence of in-the-wild exploitation as of 2025-08-07.

What is the CVSS score for CVE-2023-42118?

CVE-2023-42118 has a CVSS score of 8.8 (HIGH severity). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2023-42118?

Patch guidance is available from libspf2 project security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2023-42118.

Which products are affected by CVE-2023-42118?

1 product: libspf2 project libspf2.

Fix CVE-2023-42118 - HIGH libspf2 project libspf2

Description

Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the service account. . Was ZDI-CAN-17578.

CVSS Metrics

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: adjacent network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-191

Metadata

Primary Vendor: LIBSPF2_PROJECT
Published: 5/3/2024
Last Modified: 8/7/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2023-42118

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary