Boost.Locale Library UTF-8 Input Validation Issues in Boost
CVE-2013-0252

Currently unrated

Key Information:

Vendor: Boost
Status: Boost
Vendor: CVE Published:; 12 March 2013

What is CVE-2013-0252?

The Boost.Locale library, versions 1.48 to 1.52, contains a flaw in the handling of invalid UTF-8 sequences. This vulnerability allows remote attackers to bypass input validation mechanisms by supplying specially crafted trailing bytes. Such an exploit can lead to unauthorized operations within applications utilizing the Boost.Locale library, emphasizing the need for prompt updates to mitigate associated risks.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://www.securityfocus.com/bid/57675

vdb-entryx_refsource_BID

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699649

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2013
Vulnerability Reserved
Dec 6, 2012

CVE-2013-0252 Data

JSON