Showing 1 - 3 of 3

CVE-2012-2677

Status Candidate

Overview

Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.

Related Files

Gentoo Linux Security Advisory 202105-04: Posted May 26, 2021; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202105-4 - A buffer overflow in Boost might allow remote attacker(s) to execute arbitrary code. Versions less than 1.74.0-r2 are affected.; tags | advisory, remote, overflow, arbitrary; systems | linux, gentoo; advisories | CVE-2012-2677; SHA-256 | 6128a1c7d5c910a5e4b9bbc78c556bbbe8104690de093b370d56c6d9e8bd3688; Download | Favorite | View

Mandriva Linux Security Advisory 2013-065: Posted Apr 8, 2013; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2013-065 - A security flaw was found in the way ordered_malloc() routine implementation in Boost, the free peer-reviewed portable C++ source libraries, performed 'next-size' and 'max_size' parameters sanitization, when allocating memory. If an application, using the Boost C++ source libraries for memory allocation, was missing application-level checks for safety of 'next_size' and 'max_size' values, a remote attacker could provide a specially-crafted application-specific file (requiring runtime memory allocation it to be processed correctly) that, when opened would lead to that application crash, or, potentially arbitrary code execution with the privileges of the user running the application. Boost.Locale library in Boost 1.48 to 1.52 including has a security flaw. ): boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences. Applications that used these functions for UTF-8 input validation could expose themselves to security threats as invalid UTF-8 sequence would be considered as valid. The package has been patched to fix above security flaw.; tags | advisory, remote, arbitrary, code execution; systems | linux, mandriva; advisories | CVE-2012-2677, CVE-2013-0252; SHA-256 | 6506d18ba87fdd843d65a7ab4ed782fa743a400711477dd1d06c23487bbaec54; Download | Favorite | View

Red Hat Security Advisory 2013-0668-01: Posted Mar 21, 2013; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2013-0668-01 - The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. A flaw was found in the way the ordered_malloc() routine in Boost sanitized the 'next_size' and 'max_size' parameters when allocating memory. If an application used the Boost C++ libraries for memory allocation, and performed memory allocation based on user-supplied input, an attacker could use this flaw to crash the application or, potentially, execute arbitrary code with the privileges of the user running the application.; tags | advisory, arbitrary; systems | linux, redhat; advisories | CVE-2012-2677; SHA-256 | 177eeb143093a935b907879d3e2456e4d04a4b736b6f3edca5b2c328fd9975cf; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 242 files
Ubuntu 52 files
Debian 22 files
LiquidWorm 15 files
Apple 9 files
Gentoo 8 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,166)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,960)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,344)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,989)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

CVE-2012-2677

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems