- Description
- boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes.
- Source
- secalert@redhat.com
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-20
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:boost:boost:1.48.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ECF5C3C6-3635-48C0-8D5B-1E32622C14BA"
},
{
"criteria": "cpe:2.3:a:boost:boost:1.49.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD95A10D-F736-4DF9-87C9-35B4010FF1E6"
},
{
"criteria": "cpe:2.3:a:boost:boost:1.50.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02F34CAC-73C5-4965-BE43-1B3C6A4E9985"
},
{
"criteria": "cpe:2.3:a:boost:boost:1.51.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D61F79D8-D2F6-467E-826D-29582E4E2338"
},
{
"criteria": "cpe:2.3:a:boost:boost:1.52.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E34C87F-0C63-4A51-95A7-DA8476151059"
}
],
"operator": "OR"
}
]
}
]