5

CVE-2013-0252

boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
BoostBoost Version1.48.0
BoostBoost Version1.49.0
BoostBoost Version1.50.0
BoostBoost Version1.51.0
BoostBoost Version1.52.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.87% 0.85
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.mandriva.com/security/advisories?name=MDVSA-2013:065
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699649
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699650
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099103.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099122.html
http://www.boost.org/users/news/boost_locale_security_notice.html
http://www.openwall.com/lists/oss-security/2013/02/04/2
http://www.securityfocus.com/bid/57675
http://www.ubuntu.com/usn/USN-1727-1
https://bugzilla.redhat.com/show_bug.cgi?id=907481
https://svn.boost.org/trac/boost/ticket/7743