Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2677

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-2677
Last Modified 05 Dec 2013 12:14:10
Published 25 Jul 2012 03:55:03
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2677

Summary

Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.

Vulnerable Systems

Application

  • Boost Pool 1.0.0

  • Boost Pool 2.0.0


References

CONFIRM - https://svn.boost.org/trac/boost/ticket/6701

CONFIRM - https://svn.boost.org/trac/boost/changeset/78326

MLIST - [oss-security] 20120607 Re: memory allocator upstream patches

MLIST - [oss-security] 20120605 memory allocator upstream patches

MISC - http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/

FEDORA - FEDORA-2012-9818

FEDORA - FEDORA-2012-9029

MANDRIVA - MDVSA-2013:065

Related Patches

Novell SUSE 2012:6507 boost security update for SLE 11 SP1 i586

Novell SUSE 2012:6507 boost security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8210 boost security update for SLE 10 SP4 i586

Novell SUSE 2012:8210 boost security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:54:58