add info for libspf2 zdi vuln for now

This one is unclear at the moment because there aren't many real details on it, but we'll go ahead and label it as no fix and see what happens. We can always adjust it as more information comes in. Signed-off-by: Weston Steimel <[email protected]>
anchore · May 30, 2024 · 774470d · 774470d
1 parent f44ef0e
commit 774470d
Showing 1 changed file with 46 additions and 0 deletions.
diff --git a/data/anchore/2023/CVE-2023-42118.json b/data/anchore/2023/CVE-2023-42118.json
@@ -0,0 +1,46 @@
+{
+  "additionalMetadata": {
+    "cna": "zdi",
+    "cveId": "CVE-2023-42117",
+    "reason": "Added CPE configurations because not yet analyzed by NVD.",
+    "references": [
+      "https://www.zerodayinitiative.com/advisories/ZDI-23-1472/"
+    ]
+  },
+  "adp": {
+    "affected": [
+      {
+        "cpes": [
+          "cpe:2.3:a:libspf2:libspf2:*:*:*:*:*:*:*:*",
+          "cpe:2.3:a:libspf2_project:libspf2:*:*:*:*:*:*:*:*"
+        ],
+        "product": "libspf2",
+        "repo": "https://github.com/shevek/libspf2",
+        "vendor": "shevek",
+        "versions": [
+          {
+            "lessThanOrEqual": "*",
+            "status": "affected",
+            "version": "0",
+            "versionType": "custom"
+          }
+        ]
+      }
+    ],
+    "providerMetadata": {
+      "orgId": "00000000-0000-4000-8000-000000000000",
+      "shortName": "anchoreadp"
+    },
+    "references": [
+      {
+        "url": "https://exim.org/static/doc/security/CVE-2023-zdi.txt"
+      },
+      {
+        "url": "https://bugs.exim.org/show_bug.cgi?id=3032"
+      },
+      {
+        "url": "https://github.com/shevek/libspf2/issues/45"
+      }
+    ]
+  }
+}