Launchpad.net

CVE 2008-0172

The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.

Related bugs and status

CVE-2008-0172 (Candidate) is related to these bugs:

Bug #274837: Package patches have not been applied

Summary				In	Importance	Status
	274837	Package patches have not been applied		boost (Ubuntu)	Low	Triaged

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://bugs.gentoo.org...
CONFIRM: http://svn.boost.org/t...
CONFIRM: http://svn.boost.org/t...
CONFIRM: https://issues.rpath.c...
UBUNTU: USN-570-1
BID: 27325
FEDORA: FEDORA-2008-0880
SECUNIA: 28545
MANDRIVA: MDVSA-2008:032
SECUNIA: 28705
SECUNIA: 28511
SECUNIA: 28527
CONFIRM: http://wiki.rpath.com/...
GENTOO: GLSA-200802-08
SECUNIA: 28943
SECUNIA: 28860
SUSE: SUSE-SR:2008:006
SECUNIA: 29323
VUPEN: ADV-2008-0249
SECUNIA: 48099
BUGTRAQ: 20080213 rPSA-2008-006...