boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| boost | boost | 1.48.0 |
| boost | boost | 1.50.0 |
| boost | boost | 1.52.0 |
| boost | boost | 1.49.0 |
| boost | boost | 1.51.0 |
inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_eus | 7.5 |
| apple | mac_os_x | * |
| redhat | satellite | 5.8 |
| oracle | mysql | * |
| opensuse | leap | 42.2 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| oracle | jdk | 1.8.0 |
| apple | tvos | * |
| opensuse | opensuse | 13.2 |
| oracle | jdk | 1.6.0 |
| opensuse | leap | 42.1 |
| oracle | jre | 1.7.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_server | 6.0 |
| apple | watchos | * |
| oracle | database_server | 18c |
| redhat | enterprise_linux_workstation | 7.0 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 18.04 |
| oracle | jre | 1.8.0 |
| canonical | ubuntu_linux | 16.04 |
| nodejs | node.js | * |
| apple | iphone_os | * |
| boost | boost | * |
| oracle | jdk | 1.7.0 |
| zlib | zlib | * |
| oracle | jre | 1.6.0 |
| redhat | enterprise_linux_eus | 7.4 |