CVE-2008-0172: Input Validation

Published Jan 17, 2008

Updated

The getrepeattype function in basicregexcreator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.

Affected Software

6 affected components

Ubuntu Ubuntu Linux=6.06_lts

Ubuntu Ubuntu Linux=6.10

Ubuntu Ubuntu Linux=7.04

Ubuntu Ubuntu Linux=7.10

boost boost=1.33

boost boost=1.34

Event History

Jan 17, 2008

CVE Published

via MITRE·10:00 PM

Data Sourced

via MITRE·10:00 PM

Description

Data Sourced

11:00 PM

DescriptionWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2008-0172?

CVE-2008-0172 has a severity rating that indicates it can lead to a denial of service due to a NULL dereference and application crash.

How can I mitigate CVE-2008-0172?

To mitigate CVE-2008-0172, update to a fixed version of the Boost.Regex library, specifically version 1.35 or later.

Which versions of Boost are affected by CVE-2008-0172?

CVE-2008-0172 specifically affects Boost versions 1.33 and 1.34.

What types of attacks does CVE-2008-0172 allow?

CVE-2008-0172 allows context-dependent attackers to cause a denial of service by inputting an invalid regular expression.

Is Ubuntu Linux vulnerable to CVE-2008-0172?

The specific versions of Ubuntu Linux mentioned are not vulnerable to CVE-2008-0172, as they do not use the affected Boost library versions.

CVE-2008-0172: Input Validation

Affected Software

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2008-0172?

How can I mitigate CVE-2008-0172?

Which versions of Boost are affected by CVE-2008-0172?

What types of attacks does CVE-2008-0172 allow?

Is Ubuntu Linux vulnerable to CVE-2008-0172?

Company

Resources

Contact