MidnightBSD

Advisories for boost

CVE-2013-0252 MEDIUM

boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
boost boost 1.48.0
boost boost 1.50.0
boost boost 1.52.0
boost boost 1.49.0
boost boost 1.51.0
CVE-2016-9840 MEDIUM

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
redhat enterprise_linux_eus 7.5
apple mac_os_x *
redhat satellite 5.8
oracle mysql *
opensuse leap 42.2
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 7.0
oracle jdk 1.8.0
apple tvos *
opensuse opensuse 13.2
oracle jdk 1.6.0
opensuse leap 42.1
oracle jre 1.7.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_server 6.0
apple watchos *
oracle database_server 18c
redhat enterprise_linux_workstation 7.0
debian debian_linux 8.0
canonical ubuntu_linux 18.04
oracle jre 1.8.0
canonical ubuntu_linux 16.04
nodejs node.js *
apple iphone_os *
boost boost *
oracle jdk 1.7.0
zlib zlib *
oracle jre 1.6.0
redhat enterprise_linux_eus 7.4