Unrated severityNVD Advisory· Published Oct 23, 2008· Updated Apr 23, 2026
CVE-2008-2469
CVE-2008-2469
Description
Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field.
Affected products
9cpe:2.3:a:libspf:libspf2:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:libspf:libspf2:*:*:*:*:*:*:*:*range: <=1.2.7
- cpe:2.3:a:libspf:libspf2:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:libspf:libspf2:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:libspf:libspf2:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:libspf:libspf2:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:libspf:libspf2:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:libspf:libspf2:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:libspf:libspf2:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:libspf:libspf2:1.2.6:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- www.securityfocus.com/bid/31881nvdExploitPatch
- secunia.com/advisories/32496nvdVendor Advisory
- www.kb.cert.org/vuls/id/183657nvdUS Government Resource
- bugs.gentoo.org/show_bug.cginvd
- secunia.com/advisories/32396nvd
- secunia.com/advisories/32450nvd
- secunia.com/advisories/32720nvd
- security.gentoo.org/glsa/glsa-200810-03.xmlnvd
- securityreason.com/securityalert/4487nvd
- up2date.astaro.com/2008/11/up2date_7305_released.htmlnvd
- www.debian.org/security/2008/dsa-1659nvd
- www.doxpara.comnvd
- www.doxpara.comnvd
- www.vupen.com/english/advisories/2008/2896nvd
- answers.launchpad.net/ubuntu/gutsy/+source/libspf2/1.2.5.dfsg-4ubuntu0.7.10.1nvd
- bugs.launchpad.net/ubuntu/feisty/+source/libspf2/+bug/271025nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/46055nvd
- www.exploit-db.com/exploits/6805nvd
News mentions
0No linked articles in our index yet.