CVE Vulnerabilities

CVE-2012-2677

Published: Jul 25, 2012 | Modified: May 26, 2021
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
5.1 MODERATE
AV:N/AC:H/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu

Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.

Affected Software

Name Vendor Start Version End Version
Pool Boost 2.0.0 2.0.0
Pool Boost * 1.0.0
Red Hat Enterprise Linux 5 RedHat boost-0:1.33.1-16.el5_9 *
Red Hat Enterprise Linux 6 RedHat boost-0:1.41.0-15.el6_4 *
Boost Ubuntu hardy *
Boost1.40 Ubuntu lucid *
Boost1.42 Ubuntu natty *
Boost1.42 Ubuntu oneiric *
Boost1.46 Ubuntu oneiric *
Boost1.46 Ubuntu precise *
Boost1.46 Ubuntu precise/esm *
Boost1.48 Ubuntu precise *
Boost1.49 Ubuntu upstream *
Boost1.50 Ubuntu quantal *

References