CVE-2013-0252

boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699649
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699650
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099103.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099122.html
http://www.boost.org/users/news/boost_locale_security_notice.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:065
http://www.openwall.com/lists/oss-security/2013/02/04/2
http://www.securityfocus.com/bid/57675
http://www.ubuntu.com/usn/USN-1727-1
https://bugzilla.redhat.com/show_bug.cgi?id=907481
https://svn.boost.org/trac/boost/ticket/7743
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699649
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699650
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099103.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099122.html
http://www.boost.org/users/news/boost_locale_security_notice.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:065
http://www.openwall.com/lists/oss-security/2013/02/04/2
http://www.securityfocus.com/bid/57675
http://www.ubuntu.com/usn/USN-1727-1
https://bugzilla.redhat.com/show_bug.cgi?id=907481
https://svn.boost.org/trac/boost/ticket/7743

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:boost:boost:1.48.0:::::::*
	cpe:2.3:a:boost:boost:1.49.0:::::::*
	cpe:2.3:a:boost:boost:1.50.0:::::::*
	cpe:2.3:a:boost:boost:1.51.0:::::::*
	cpe:2.3:a:boost:boost:1.52.0:::::::*

History

21 Nov 2024, 01:47

Type	Values Removed	Values Added
References	~~() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699649 -~~	() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699649 -
References	~~() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699650 -~~	() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699650 -
References	~~() http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099103.html -~~	() http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099103.html -
References	~~() http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099122.html -~~	() http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099122.html -
References	~~() http://www.boost.org/users/news/boost_locale_security_notice.html -~~	() http://www.boost.org/users/news/boost_locale_security_notice.html -
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2013:065 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2013:065 -
References	~~() http://www.openwall.com/lists/oss-security/2013/02/04/2 -~~	() http://www.openwall.com/lists/oss-security/2013/02/04/2 -
References	~~() http://www.securityfocus.com/bid/57675 -~~	() http://www.securityfocus.com/bid/57675 -
References	~~() http://www.ubuntu.com/usn/USN-1727-1 -~~	() http://www.ubuntu.com/usn/USN-1727-1 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=907481 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=907481 -
References	~~() https://svn.boost.org/trac/boost/ticket/7743 -~~	() https://svn.boost.org/trac/boost/ticket/7743 -

Information

Published : 2013-03-12 22:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-0252

Mitre link : CVE-2013-0252

CVE.ORG link : CVE-2013-0252

JSON object : View

Products Affected

boost

boost

CWE

CWE-20

Improper Input Validation

5.0 /10