CVE-2008-0172
Published Jan 17, 2008
Last updated 6 years ago
Overview
- Description
- The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses
- nvd@nist.gov
- CWE-20
Vendor comments
- Red HatThis issue did not affect the version of boost as shipped with Red Hat Enterprise Linux 4. For Red Hat Enterprise Linux 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0172 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B8517E55-4357-4AFD-B571-5533123CB014"
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "33904E65-D50D-4EAE-885D-FE2EBF535F18"
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F9A940B9-A553-4A0B-8ECF-52FD26894285"
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "06FD8602-7069-41C6-B65C-84928EDCE2D6"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:boost:boost:1.33:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7A527FE-ED5E-4C9A-823C-0D76B1885691"
},
{
"criteria": "cpe:2.3:a:boost:boost:1.34:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9CAD8FD-3F47-4AA4-9B97-41892E58FB57"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]