CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |

AI Score confidence: Low

EPSS percentile: 98.9%

Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.
Vendor | Product | Version | CPE |
---|---|---|---|
libspf | libspf2 | * | cpe:2.3:a:libspf:libspf2:*:*:*:*:*:*:*:* |
libspf | libspf2 | 1.0.2 | cpe:2.3:a:libspf:libspf2:1.0.2:*:*:*:*:*:*:* |
libspf | libspf2 | 1.0.3 | cpe:2.3:a:libspf:libspf2:1.0.3:*:*:*:*:*:*:* |
libspf | libspf2 | 1.0.4 | cpe:2.3:a:libspf:libspf2:1.0.4:*:*:*:*:*:*:* |
libspf | libspf2 | 1.2.1 | cpe:2.3:a:libspf:libspf2:1.2.1:*:*:*:*:*:*:* |
libspf | libspf2 | 1.2.3 | cpe:2.3:a:libspf:libspf2:1.2.3:*:*:*:*:*:*:* |
libspf | libspf2 | 1.2.4 | cpe:2.3:a:libspf:libspf2:1.2.4:*:*:*:*:*:*:* |
libspf | libspf2 | 1.2.5 | cpe:2.3:a:libspf:libspf2:1.2.5:*:*:*:*:*:*:* |
libspf | libspf2 | 1.2.6 | cpe:2.3:a:libspf:libspf2:1.2.6:*:*:*:*:*:*:* |
bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254
secunia.com/advisories/32396
secunia.com/advisories/32450
secunia.com/advisories/32496
secunia.com/advisories/32720
security.gentoo.org/glsa/glsa-200810-03.xml
securityreason.com/securityalert/4487
up2date.astaro.com/2008/11/up2date_7305_released.html
www.debian.org/security/2008/dsa-1659
www.doxpara.com/?p=1263
www.doxpara.com/?page_id=1256
www.kb.cert.org/vuls/id/183657
www.securityfocus.com/bid/31881
www.vupen.com/english/advisories/2008/2896
answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1
bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025
exchange.xforce.ibmcloud.com/vulnerabilities/46055
www.exploit-db.com/exploits/6805