ID CVE-2012-2677
Summary Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.
References
Vulnerable Configurations
  • cpe:2.3:a:boost:pool:2.0.0
  • cpe:2.3:a:boost:pool:1.0.0
CVSS
Base: 5.0 (as of 07-10-2013 - 12:56)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0668.NASL
    description From Red Hat Security Advisory 2013:0668 : Updated boost packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. A flaw was found in the way the ordered_malloc() routine in Boost sanitized the 'next_size' and 'max_size' parameters when allocating memory. If an application used the Boost C++ libraries for memory allocation, and performed memory allocation based on user-supplied input, an attacker could use this flaw to crash the application or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2677) All users of boost are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.
    last seen 2019-02-21
    modified 2016-05-06
    plugin id 68794
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68794
    title Oracle Linux 5 / 6 : boost (ELSA-2013-0668)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL16946.NASL
    description Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected. (CVE-2012-2677)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 85954
    published 2015-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85954
    title F5 Networks BIG-IP : Boost memory allocator vulnerability (K16946)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-9029.NASL
    description - This update fixes a bug in Boost.Pool, which could under certain circumstances overflow allocated chunk size. This could have security implications for applications that use Boost pool without sanitizing pool parameters. - Add a sub-package boost-math with math-related bits from Boost.TR1. This was left out by mistake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-05-09
    plugin id 59840
    published 2012-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59840
    title Fedora 16 : boost-1.47.0-7.fc16 (2012-9029)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_BOOST-8210.NASL
    description Two problems have been fixed in the boost library : - boost::pool's ordered_malloc could have overflowed when calculating the allocation size. (CVE-2012-2677) - fully qualify the boost::date_time::dst_adjustment_offsets (non security).
    last seen 2019-02-21
    modified 2012-07-27
    plugin id 59983
    published 2012-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59983
    title SuSE 10 Security Update : boost (ZYPP Patch Number 8210)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0668.NASL
    description Updated boost packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. A flaw was found in the way the ordered_malloc() routine in Boost sanitized the 'next_size' and 'max_size' parameters when allocating memory. If an application used the Boost C++ libraries for memory allocation, and performed memory allocation based on user-supplied input, an attacker could use this flaw to crash the application or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2677) All users of boost are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65651
    published 2013-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65651
    title RHEL 5 / 6 : boost (RHSA-2013:0668)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-065.NASL
    description Updated boost packages fix security vulnerability : A security flaw was found in the way the ordered_malloc() routine implementation in Boost, the free peer-reviewed portable C++ source libraries, performed 'next_size' and 'max_size' parameters sanitization, when allocating memory. If an application, using the Boost C++ source libraries for memory allocation, was missing application-level checks for safety of 'next_size' and 'max_size' values, a remote attacker could provide a specially crafted application-specific file (requiring runtime memory allocation for it to be processed correctly) that, when opened, would lead to that application crashing, or, potentially, arbitrary code execution with the privileges of the user running the application (CVE-2012-2677). Boost.Locale library in Boost 1.48 to 1.52 inclusive has a security flaw (CVE-2013-0252): boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences. Applications that used these functions for UTF-8 input validation could expose themselves to security threats as an invalid UTF-8 sequence would be considered as valid. The package has been patched to fix the above security flaws.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 66079
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66079
    title Mandriva Linux Security Advisory : boost (MDVSA-2013:065)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0668.NASL
    description Updated boost packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The boost packages provide free, peer-reviewed, portable C++ source libraries with emphasis on libraries which work well with the C++ Standard Library. A flaw was found in the way the ordered_malloc() routine in Boost sanitized the 'next_size' and 'max_size' parameters when allocating memory. If an application used the Boost C++ libraries for memory allocation, and performed memory allocation based on user-supplied input, an attacker could use this flaw to crash the application or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2677) All users of boost are advised to upgrade to these updated packages, which contain a backported patch to fix this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 65644
    published 2013-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65644
    title CentOS 5 / 6 : boost (CESA-2013:0668)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130321_BOOST_ON_SL5_X.NASL
    description A flaw was found in the way the ordered_malloc() routine in Boost sanitized the 'next_size' and 'max_size' parameters when allocating memory. If an application used the Boost C++ libraries for memory allocation, and performed memory allocation based on user-supplied input, an attacker could use this flaw to crash the application or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-2677)
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 65653
    published 2013-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65653
    title Scientific Linux Security Update : boost on SL5.x, SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_BOOST-120705.NASL
    description The following issue has been fixed : - boost::pool's ordered_malloc could have overflowed when calculating the allocation size. (CVE-2012-2677)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64117
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64117
    title SuSE 11.1 Security Update : boost (SAT Patch Number 6507)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-9818.NASL
    description - This update fixes a bug in Boost.Pool, which could under certain circumstances overflow allocated chunk size. This could have security implications for applications that use Boost pool without sanitizing pool parameters. - Boost.Locale library now contains backend code, which was left out before by mistake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 59745
    published 2012-06-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59745
    title Fedora 17 : boost-1.48.0-13.fc17 (2012-9818)
redhat via4
advisories
bugzilla
id 828856
title CVE-2012-2677 boost: ordered_malloc() overflow
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment boost is earlier than 0:1.33.1-16.el5_9
          oval oval:com.redhat.rhsa:tst:20130668002
        • comment boost is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20120305003
      • AND
        • comment boost-devel is earlier than 0:1.33.1-16.el5_9
          oval oval:com.redhat.rhsa:tst:20130668006
        • comment boost-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20120305007
      • AND
        • comment boost-doc is earlier than 0:1.33.1-16.el5_9
          oval oval:com.redhat.rhsa:tst:20130668004
        • comment boost-doc is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20120305005
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment boost is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668012
        • comment boost is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668013
      • AND
        • comment boost-date-time is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668024
        • comment boost-date-time is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668025
      • AND
        • comment boost-devel is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668016
        • comment boost-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668017
      • AND
        • comment boost-doc is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668038
        • comment boost-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668039
      • AND
        • comment boost-filesystem is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668044
        • comment boost-filesystem is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668045
      • AND
        • comment boost-graph is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668036
        • comment boost-graph is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668037
      • AND
        • comment boost-graph-mpich2 is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668058
        • comment boost-graph-mpich2 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668059
      • AND
        • comment boost-graph-openmpi is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668034
        • comment boost-graph-openmpi is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668035
      • AND
        • comment boost-iostreams is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668050
        • comment boost-iostreams is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668051
      • AND
        • comment boost-math is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668014
        • comment boost-math is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668015
      • AND
        • comment boost-mpich2 is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668060
        • comment boost-mpich2 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668061
      • AND
        • comment boost-mpich2-devel is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668056
        • comment boost-mpich2-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668057
      • AND
        • comment boost-mpich2-python is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668062
        • comment boost-mpich2-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668063
      • AND
        • comment boost-openmpi is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668052
        • comment boost-openmpi is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668053
      • AND
        • comment boost-openmpi-devel is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668026
        • comment boost-openmpi-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668027
      • AND
        • comment boost-openmpi-python is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668048
        • comment boost-openmpi-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668049
      • AND
        • comment boost-program-options is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668028
        • comment boost-program-options is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668029
      • AND
        • comment boost-python is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668042
        • comment boost-python is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668043
      • AND
        • comment boost-regex is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668030
        • comment boost-regex is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668031
      • AND
        • comment boost-serialization is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668022
        • comment boost-serialization is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668023
      • AND
        • comment boost-signals is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668032
        • comment boost-signals is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668033
      • AND
        • comment boost-static is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668040
        • comment boost-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668041
      • AND
        • comment boost-system is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668018
        • comment boost-system is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668019
      • AND
        • comment boost-test is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668046
        • comment boost-test is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668047
      • AND
        • comment boost-thread is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668020
        • comment boost-thread is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668021
      • AND
        • comment boost-wave is earlier than 0:1.41.0-15.el6_4
          oval oval:com.redhat.rhsa:tst:20130668054
        • comment boost-wave is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20130668055
rhsa
id RHSA-2013:0668
released 2013-03-21
severity Moderate
title RHSA-2013:0668: boost security update (Moderate)
rpms
  • boost-0:1.33.1-16.el5_9
  • boost-devel-0:1.33.1-16.el5_9
  • boost-doc-0:1.33.1-16.el5_9
  • boost-0:1.41.0-15.el6_4
  • boost-date-time-0:1.41.0-15.el6_4
  • boost-devel-0:1.41.0-15.el6_4
  • boost-doc-0:1.41.0-15.el6_4
  • boost-filesystem-0:1.41.0-15.el6_4
  • boost-graph-0:1.41.0-15.el6_4
  • boost-graph-mpich2-0:1.41.0-15.el6_4
  • boost-graph-openmpi-0:1.41.0-15.el6_4
  • boost-iostreams-0:1.41.0-15.el6_4
  • boost-math-0:1.41.0-15.el6_4
  • boost-mpich2-0:1.41.0-15.el6_4
  • boost-mpich2-devel-0:1.41.0-15.el6_4
  • boost-mpich2-python-0:1.41.0-15.el6_4
  • boost-openmpi-0:1.41.0-15.el6_4
  • boost-openmpi-devel-0:1.41.0-15.el6_4
  • boost-openmpi-python-0:1.41.0-15.el6_4
  • boost-program-options-0:1.41.0-15.el6_4
  • boost-python-0:1.41.0-15.el6_4
  • boost-regex-0:1.41.0-15.el6_4
  • boost-serialization-0:1.41.0-15.el6_4
  • boost-signals-0:1.41.0-15.el6_4
  • boost-static-0:1.41.0-15.el6_4
  • boost-system-0:1.41.0-15.el6_4
  • boost-test-0:1.41.0-15.el6_4
  • boost-thread-0:1.41.0-15.el6_4
  • boost-wave-0:1.41.0-15.el6_4
refmap via4
confirm
fedora
  • FEDORA-2012-9029
  • FEDORA-2012-9818
mandriva MDVSA-2013:065
misc http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/
mlist
  • [oss-security] 20120605 memory allocator upstream patches
  • [oss-security] 20120607 Re: memory allocator upstream patches
Last major update 05-12-2013 - 00:14
Published 25-07-2012 - 15:55