- Home
- CVEs with nessus.description==The boost packages provide free, peer-reviewed, portable C source
libraries with emphasis on libraries which work well with the C
Standard Library.
Invalid pointer dereference flaws were found in the way the Boost
regular expression library processed certain, invalid expressions. An
attacker able to make an application using the Boost library process a
specially crafted regular expression could cause that application to
crash or, potentially, execute arbitrary code with the privileges of
the user running the application. (CVE-2008-0171)
NULL pointer dereference flaws were found in the way the Boost regular
expression library processed certain, invalid expressions. An attacker
able to make an application using the Boost library process a
specially crafted regular expression could cause that application to
crash. (CVE-2008-0172)
This update also fixes the following bugs :
- Prior to this update, the construction of a regular
expression object could fail when several regular
expression objects were created simultaneously, such as
in a multi-threaded program. With this update, the
object variables have been moved from the shared memory
to the stack. Now, the constructing function is thread
safe.
- Prior to this update, header files in several Boost
libraries contained preprocessor directives that the GNU
Compiler Collection (GCC) 4.4 could not handle. This
update instead uses equivalent constructs that are
standard C.
All users of boost are advised to upgrade to these updated packages,
which fix these issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top