CVE-2012-2677
boost: ordered_malloc() overflow
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.
Desbordamiento de entero en la función de impulso ordered_malloc en boost/pool/pool.hpp en Boost Pool anterior a v3.9 hace más fácil para los atacantes dependientes de contexto llevar a cabo los ataques relacionados con la memoria tales como desbordamientos de búfer a través de un valor de gran tamaño, lo que provoca menos memoria que se asignará de lo esperado.
A security flaw was found in the way ordered_malloc() routine implementation in Boost, the free peer-reviewed portable C++ source libraries, performed 'next-size' and 'max_size' parameters sanitization, when allocating memory. If an application, using the Boost C++ source libraries for memory allocation, was missing application-level checks for safety of 'next_size' and 'max_size' values, a remote attacker could provide a specially-crafted application-specific file (requiring runtime memory allocation it to be processed correctly) that, when opened would lead to that application crash, or, potentially arbitrary code execution with the privileges of the user running the application. Boost.Locale library in Boost 1.48 to 1.52 including has a security flaw. ): boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences. Applications that used these functions for UTF-8 input validation could expose themselves to security threats as invalid UTF-8 sequence would be considered as valid. The package has been patched to fix above security flaw.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2012-05-14 CVE Reserved
- 2012-07-25 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-05-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-189: Numeric Errors
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited | X_refsource_misc | |
| http://www.openwall.com/lists/oss-security/2012/06/05/1 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/06/07/13 | Mailing List |
|
| https://svn.boost.org/trac/boost/ticket/6701 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://svn.boost.org/trac/boost/changeset/78326 | 2024-08-06 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Boost Search vendor "Boost" | Pool Search vendor "Boost" for product "Pool" | <= 1.0.0 Search vendor "Boost" for product "Pool" and version " <= 1.0.0" | - |
Affected
| ||||||
| Boost Search vendor "Boost" | Pool Search vendor "Boost" for product "Pool" | 2.0.0 Search vendor "Boost" for product "Pool" and version "2.0.0" | - |
Affected
| ||||||