Denial of Service Vulnerability in Boost Regex Library
CVE-2008-0172

Currently unrated

Key Information:

Vendor: Boost
Status: Boost
Vendor: CVE Published:; 17 January 2008

What is CVE-2008-0172?

The get_repeat_type function within the Boost.Regex library in versions 1.33 and 1.34 is susceptible to a denial of service vulnerability. Attackers can exploit this weakness by submitting a specially crafted invalid regular expression, which can lead to a NULL dereference and a subsequent crash of the application. This vulnerability emphasizes the need for robust input validation in applications utilizing regex functionalities to avoid service interruptions and maintain system integrity.

References

http://wiki.rpath.com/Advisories:rPSA-2008-0063

x_refsource_CONFIRM

http://secunia.com/advisories/48099

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2008/0249

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 17, 2008
Vulnerability Reserved
Jan 9, 2008

CVE-2008-0172 Data

JSON