CVE-2008-2469

Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
libspflibspf2
𝑥
≤ 1.2.7
libspflibspf2
1.0.2
libspflibspf2
1.0.3
libspflibspf2
1.0.4
libspflibspf2
1.2.1
libspflibspf2
1.2.3
libspflibspf2
1.2.4
libspflibspf2
1.2.5
libspflibspf2
1.2.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libspf2
bullseye (security)
1.2.10-7.1~deb11u1
fixed
bullseye
1.2.10-7.1~deb11u1
fixed
bookworm
1.2.10-7.2
fixed
sid
1.2.10-8.2
fixed
trixie
1.2.10-8.2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libspf2
hardy
Fixed 1.2.5.dfsg-4ubuntu0.8.04.1
released
gutsy
Fixed 1.2.5.dfsg-4ubuntu0.7.10.1
released
dapper
Fixed 1.2.5-3ubuntu0.1
released
Common Weakness Enumeration
References
http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254
http://secunia.com/advisories/32396
http://secunia.com/advisories/32450
http://secunia.com/advisories/32496
http://secunia.com/advisories/32720
http://security.gentoo.org/glsa/glsa-200810-03.xml
http://securityreason.com/securityalert/4487
http://up2date.astaro.com/2008/11/up2date_7305_released.html
http://www.debian.org/security/2008/dsa-1659
http://www.doxpara.com/?p=1263
http://www.doxpara.com/?page_id=1256
http://www.kb.cert.org/vuls/id/183657
http://www.securityfocus.com/bid/31881
http://www.vupen.com/english/advisories/2008/2896
https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1
https://bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025
https://exchange.xforce.ibmcloud.com/vulnerabilities/46055
https://www.exploit-db.com/exploits/6805
http://bugs.gentoo.org/show_bug.cgi?format=multiple&id=242254
http://secunia.com/advisories/32396
http://secunia.com/advisories/32450
http://secunia.com/advisories/32496
http://secunia.com/advisories/32720
http://security.gentoo.org/glsa/glsa-200810-03.xml
http://securityreason.com/securityalert/4487
http://up2date.astaro.com/2008/11/up2date_7305_released.html
http://www.debian.org/security/2008/dsa-1659
http://www.doxpara.com/?p=1263
http://www.doxpara.com/?page_id=1256
http://www.kb.cert.org/vuls/id/183657
http://www.securityfocus.com/bid/31881
http://www.vupen.com/english/advisories/2008/2896
https://answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1
https://bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025
https://exchange.xforce.ibmcloud.com/vulnerabilities/46055
https://www.exploit-db.com/exploits/6805