Integer Overflow Vulnerability in Boost Pool Allocator
CVE-2012-2677

Currently unrated

Key Information:

Vendor: Boost
Status: Pool
Vendor: CVE Published:; 25 July 2012

What is CVE-2012-2677?

An integer overflow vulnerability exists in the ordered_malloc function of Boost Pool before version 3.9. This flaw allows attackers to exploit the memory allocator by passing a large memory chunk size. If exploited, this can result in insufficient memory being allocated, which can facilitate memory-related attacks, including buffer overflows. Such vulnerabilities highlight the importance of careful parameter validation in memory allocation routines to prevent potential exploits.

References

https://svn.boost.org/trac/boost/changeset/78326

x_refsource_CONFIRM

http://kqueue.org/blog/2012/03/05/memory-allocator-securi...

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2012/06/05/1

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2012
Vulnerability Reserved
May 14, 2012

CVE-2012-2677 Data

JSON