CVE-2008-0171

boost regular expression memory corruption flaws

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.

regex/v4/perl_matcher_non_recursive.hpp en la librería de expresiones regulares (también conocido como Boost.Regex) de Boost 1.33 y 1.34 permite a atacantes remotos dependientes de contexto provocar una denegación de servicio (fallo de aserción y caída) mediante una expresión regular inválida.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-01-09 CVE Reserved
2008-01-17 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2024-11-20 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (23)

URL	Tag	Source
http://bugs.gentoo.org/show_bug.cgi?id=205955	X_refsource_confirm
http://secunia.com/advisories/28511	Third Party Advisory
http://secunia.com/advisories/28527	Third Party Advisory
http://secunia.com/advisories/28545	Third Party Advisory
http://secunia.com/advisories/28705	Third Party Advisory
http://secunia.com/advisories/28860	Third Party Advisory
http://secunia.com/advisories/28943	Third Party Advisory
http://secunia.com/advisories/29323	Third Party Advisory
http://secunia.com/advisories/48099	Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0063	X_refsource_confirm
http://www.securityfocus.com/archive/1/488102/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/27325	Vdb Entry
http://www.vupen.com/english/advisories/2008/0249	Vdb Entry
https://issues.rpath.com/browse/RPL-2143	X_refsource_confirm

URL	Date	SRC
http://svn.boost.org/trac/boost/changeset/42674	2024-08-07
http://svn.boost.org/trac/boost/changeset/42745	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html	2018-10-15
http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml	2018-10-15
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032	2018-10-15
http://www.ubuntu.com/usn/usn-570-1	2018-10-15
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html	2018-10-15
https://access.redhat.com/security/cve/CVE-2008-0171	2012-02-21
https://bugzilla.redhat.com/show_bug.cgi?id=428316	2012-02-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Boost Search vendor "Boost"		Boost Search vendor "Boost" for product "Boost"				1.33 Search vendor "Boost" for product "Boost" and version "1.33"		-		Affected
Boost Search vendor "Boost"		Boost Search vendor "Boost" for product "Boost"				1.34 Search vendor "Boost" for product "Boost" and version "1.34"		-		Affected
Boost Search vendor "Boost"		Boost Regex Library Search vendor "Boost" for product "Boost Regex Library"				*		-		Affected