PT-2012-1089 · Boost+3 · Boost+3

Xi Wang

Published

2012-07-16

Updated

2021-05-26

CVE-2012-2677

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Boost versions 1.33.1 through 1.41.0

Description The issue is related to an integer overflow in the ordered malloc function in boost/pool/pool.hpp in Boost Pool, which can lead to memory-related attacks such as buffer overflows via a large memory chunk size value. This can cause less memory to be allocated than expected, potentially disrupting the availability of protected information. The exploitation of this issue can be performed remotely.

Recommendations For Boost versions 1.33.1 through 1.41.0, update to a version later than 1.41.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

AZL-41751

AZL-41929

BDU:2015-06980

BDU:2015-06981

BDU:2015-06982

BDU:2015-06983

BDU:2015-06984

BDU:2015-06985

BDU:2015-06986

BDU:2015-06987

BDU:2015-06988

BDU:2015-06989

BDU:2015-06990

BDU:2015-06991

BDU:2015-06992

BDU:2015-06993

BDU:2015-06994

BDU:2015-08844

BDU:2015-08845

BDU:2015-08846

BDU:2015-08847

BDU:2015-08848

BDU:2015-08849

BDU:2015-08850

BDU:2015-08851

BDU:2015-08852

BDU:2015-08853

BDU:2015-08854

BDU:2015-08855

BDU:2015-08856

BDU:2015-08857

BDU:2015-08858

CESA-2013_0668

CVE-2012-2677

RHSA-2013:0668

RHSA-2013_0668

SUSE-SU-2012_0882-1

Affected Products

Boost

Centos

Red Hat

Suse

PT-2012-1089 · Boost+3 · Boost+3

CVE-2012-2677

Weakness Enumeration

Related Identifiers

Affected Products

References · 45