Boost : Security Vulnerabilities, CVEs,
boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes.
Max CVSS
5.0
EPSS Score
0.76%
Published
2013-03-12
Updated
2013-12-05
Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.
Max CVSS
5.0
EPSS Score
1.39%
Published
2012-07-25
Updated
2021-05-26
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
Max CVSS
5.0
EPSS Score
1.77%
Published
2008-01-17
Updated
2018-10-15
regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.
Max CVSS
5.0
EPSS Score
1.39%
Published
2008-01-17
Updated
2018-10-15
4 vulnerabilities found