what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2008-0171

Status Candidate

Overview

regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.

Related Files

Red Hat Security Advisory 2012-0305-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0305-03 - The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. Invalid pointer dereference flaws were found in the way the Boost regular expression library processed certain, invalid expressions. An attacker able to make an application using the Boost library process a specially-crafted regular expression could cause that application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2008-0171, CVE-2008-0172
SHA-256 | 9b5b881e679a19d7c6cef99a1adad1b032299948c919bfd6c33264db204f1ec6
Gentoo Linux Security Advisory 200802-8
Posted Feb 15, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200802-08 - Tavis Ormandy and Will Drewry from the Google Security Team reported a failed assertion in file regex/v4/perl_matcher_non_recursive.hpp (CVE-2008-0171) and a NULL pointer dereference in function get_repeat_type() file basic_regex_creator.hpp (CVE-2008-0172) when processing regular expressions. Versions less than 1.34.1-r2 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2008-0171, CVE-2008-0172
SHA-256 | 79f9d54b81900fb2c8b6e3e1425944c10054423b74336270a45969fe88fb9caf
Mandriva Linux Security Advisory 2008-032
Posted Feb 3, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Tavis Ormandy and Will Drewry found that the bost library did not properly perform input validation on regular expressions. An attacker could exploit this by sening a specially crafted regular expression to an application linked against boost and cause a denial of service via an application crash.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2008-0171, CVE-2008-0172
SHA-256 | 163e8e008d1c94c33974ee04a432d6ad84565fb27b5cd2d5d7b15efd6c25a285
Ubuntu Security Notice 570-1
Posted Jan 17, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 570-1 - Will Drewry and Tavis Ormandy discovered that the boost library did not properly perform input validation on regular expressions. An attacker could send a specially crafted regular expression to an application linked against boost and cause a denial of service via application crash.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2008-0171, CVE-2008-0172
SHA-256 | 7a75a95eb54b1bbce2d18c0f317d1d00bfab67a4f2488a2f0304ee0df2be5cd5
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close