CVE-2008-0172
Published: 17 January 2008
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
Notes
Author | Note |
---|---|
jdstrand | reproducers on vsec |
Priority
Status
Package | Release | Status |
---|---|---|
boost Launchpad, Ubuntu, Debian |
dapper |
Released
(1.33.1-2ubuntu0.1)
|
edgy |
Released
(1.33.1-7ubuntu1.1)
|
|
feisty |
Released
(1.33.1-9ubuntu3.1)
|
|
gutsy |
Released
(1.34.1-2ubuntu1.1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://svn.boost.org/trac/boost/changeset/42674 upstream: http://svn.boost.org/trac/boost/changeset/42745 |