CVE-2012-2677: Buffer Overflow
First published: Wed Jul 25 2012(Updated: )
Boost is vulnerable to a buffer overflow, caused by improper bounds checking by the ordered_malloc() function. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Boost Pool | <=1.0.0 | |
| Boost Pool | =2.0.0 | |
| IBM IBM® Db2® on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data | <=v3.5 through refresh 10v4.0 through refresh 9v4.5 through refresh 3v4.6 through refresh 6v4.7 through refresh 4v4.8 through refresh 4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/
- http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083416.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082977.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:065
- http://www.openwall.com/lists/oss-security/2012/06/05/1
- http://www.openwall.com/lists/oss-security/2012/06/07/13
- https://security.gentoo.org/glsa/202105-04
- https://svn.boost.org/trac/boost/changeset/78326
- https://svn.boost.org/trac/boost/ticket/6701
- https://exchange.xforce.ibmcloud.com/vulnerabilities/76650
- https://www.ibm.com/support/pages/node/7155078 (Advisory)
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/boost
- canonical/boost pool
- version/boost pool/1.0.0
- version/boost pool/2.0.0
- vendor/ibm
- canonical/ibm ibm® db2® on cloud pak for data and db2 warehouse on cloud pak for data
- version/ibm ibm® db2® on cloud pak for data and db2 warehouse on cloud pak for data/v3.5 through refresh 10v4.0 through refresh 9v4.5 through refresh 3v4.6 through refresh 6v4.7 through refresh 4v4.8 through refresh 4