N/A

libspf2 before 1.2.11 has a heap-based buffer overflow that might allow remote attackers to execute arbitrary code (via an unauthenticated e-mail message from anywhere on the Internet) with a crafted SPF DNS record, because of SPF_record_expand_data in spf_expand.c. The amount of overflowed data depends on the relationship between the length of an entire domain name and the length of its leftmost label. The vulnerable code may be part of the supply chain of a site's e-mail infrastructure (e.g., with additional configuration, Exim can use libspf2; the Postfix web site links to unofficial patches for use of libspf2 with Postfix; older versions of spfquery relied on libspf2) but most often is not.

N/A

N/A

libspf2 缓冲区错误漏洞

libspf2是一个库，它允许电子邮件系统（例如 Sendmail、Postfix、Exim、Zmailer 和 MS Exchange）检查SPF 记录并确保电子邮件得到了来自它的域名的授权。这可以防止垃圾邮件发送者、诈骗者和电子邮件病毒/蠕虫常用的电子邮件伪造。 libspf2 存在缓冲区错误漏洞，该漏洞源于libspf2存在堆缓冲区溢出，远程攻击者可利用该漏洞使用一个特定的SPF DNS记录执行任意代码。

N/A

N/A