Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0252

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2013-0252
Last Modified 05 Dec 2013 12:22:26
Published 12 Mar 2013 06:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-0252

Summary

boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes.

Vulnerable Systems

Application

  • Boost 1.48.0

  • Boost 1.49.0

  • Boost 1.50.0

  • Boost 1.51.0

  • Boost 1.52.0


References

CONFIRM - https://svn.boost.org/trac/boost/ticket/7743

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=907481

UBUNTU - USN-1727-1

BID - 57675

MLIST - [oss-security] 20130203 Re: CVE id request: boost

CONFIRM - http://www.boost.org/users/news/boost_locale_security_notice.html

FEDORA - FEDORA-2013-2448

FEDORA - FEDORA-2013-2420

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699650

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699649

MANDRIVA - MDVSA-2013:065


Last Updated: 27 May 2016 11:02:02