Unrated severityNVD Advisory· Published Dec 1, 2008· Updated Apr 23, 2026

CVE-2008-5297

Description

Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function.

Affected products

Vitalwerks/No Ip Duc4 versions
cpe:2.3:a:vitalwerks:no-ip_duc:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:vitalwerks:no-ip_duc:*:*:*:*:*:*:*:*range: <=2.1.7
- cpe:2.3:a:vitalwerks:no-ip_duc:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:vitalwerks:no-ip_duc:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:vitalwerks:no-ip_duc:2.1.5:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

xenomuta.tuxfamily.org/exploits/noIPwn3r.cnvdExploit
bugs.debian.org/cgi-bin/bugreport.cginvd
secunia.com/advisories/32761nvd
secunia.com/advisories/33138nvd
secunia.com/advisories/33610nvd
security.gentoo.org/glsa/glsa-200901-12.xmlnvd
securityreason.com/securityalert/4672nvd
www.debian.org/security/2008/dsa-1686nvd
www.openwall.com/lists/oss-security/2008/11/21/15nvd
www.securityfocus.com/bid/32344nvd
exchange.xforce.ibmcloud.com/vulnerabilities/46696nvd
www.exploit-db.com/exploits/7151nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.013
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000