GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed May 26, 2021 10:26 am Post subject: [ GLSA 202105-04 ] Boost |
 |
|
Gentoo Linux Security Advisory
Title: Boost: Buffer overflow (GLSA 202105-04)
Severity: normal
Exploitable: local, remote
Date: 2021-05-26
Bug(s): #620468
ID: 202105-04
Synopsis
A buffer overflow in Boost might allow remote attacker(s) to
execute arbitrary code.
Background
Boost is a set of C++ libraries, including the Boost.Regex library to
process regular expressions.
Affected Packages
Package: dev-libs/boost
Vulnerable: < 1.74.0-r2
Unaffected: >= 1.74.0-r2
Architectures: All supported architectures
Description
It was discovered that Boost incorrectly sanitized ‘next_size’ and
‘max_size’ parameter in ordered_malloc() function when allocating
memory.
Impact
A remote attacker could provide a specially crafted application-specific
file (requiring runtime memory allocation to be processed correctly),
that, when opened with an application using Boost C++ source libraries,
possibly resulting in execution of arbitrary code with the privileges of
the process or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Boost users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/boost-1.74.0-r2"
|
References
CVE-2012-2677 |
|
News & Announcements
