CVE-2023-42118: 
Exim vulnerability analysis and mitigation

Exim libspf2 contains an integer underflow vulnerability (CVE-2023-42118) discovered in the SPF macro parsing functionality. The vulnerability was reported to the vendor on June 17, 2022, and was publicly disclosed on September 27, 2023, as a zero-day vulnerability. The flaw affects the libspf2 library implementations used in Exim mail server installations (ZDI Advisory).

The vulnerability stems from improper validation of user-supplied data during SPF macro parsing, which can result in an integer underflow condition before writing to memory. The vulnerability has been assigned a CVSS v3.0 base score of 7.5 (High), with the vector string AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The flaw is classified as CWE-191 (Integer Underflow) (ZDI Advisory, Red Hat).

If successfully exploited, this vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. The attack can be performed without requiring authentication, and the code execution occurs in the context of the service account (ZDI Advisory).

Given the nature of the vulnerability, the primary mitigation strategy is to restrict interaction with the application. The potentially related integer overflow flaw has been fixed in libspf2 version 1.2.10-8, though it's unclear if this addresses CVE-2023-42118 specifically (ZDI Advisory, Debian Tracker).