CVE-2008-0172 - OpenCVE

The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Ubuntu	Ubuntu Linux
Boost	Boost

Configuration 1 [-]

AND

OR	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:::::::*
	cpe:2.3:o:ubuntu:ubuntu_linux:6.10:::::::*
	cpe:2.3:o:ubuntu:ubuntu_linux:7.04:::::::*
	cpe:2.3:o:ubuntu:ubuntu_linux:7.10:::::::*

OR	cpe:2.3:a:boost:boost:1.33:::::::*
	cpe:2.3:a:boost:boost:1.34:::::::*

References

Link	Resource
http://bugs.gentoo.org/show_bug.cgi?id=205955
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
http://secunia.com/advisories/28511
http://secunia.com/advisories/28527
http://secunia.com/advisories/28545
http://secunia.com/advisories/28705
http://secunia.com/advisories/28860
http://secunia.com/advisories/28943
http://secunia.com/advisories/29323
http://secunia.com/advisories/48099
http://svn.boost.org/trac/boost/changeset/42674
http://svn.boost.org/trac/boost/changeset/42745
http://wiki.rpath.com/Advisories:rPSA-2008-0063
http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032
http://www.securityfocus.com/archive/1/488102/100/0/threaded
http://www.securityfocus.com/bid/27325
http://www.ubuntu.com/usn/usn-570-1
http://www.vupen.com/english/advisories/2008/0249
https://issues.rpath.com/browse/RPL-2143
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-01-17T22:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2008-01-09T00:00:00

Link: CVE-2008-0172

JSON object: View

NVD Information

Status : Modified

Published: 2008-01-17T23:00:00.000

Modified: 2018-10-15T21:58:21.717

Link: CVE-2008-0172

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-01-11T00:00:00", "descriptions": [{"lang": "en", "value": "The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0063"}, {"name": "48099", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48099"}, {"name": "ADV-2008-0249", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0249"}, {"name": "27325", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27325"}, {"name": "28860", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28860"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.boost.org/trac/boost/changeset/42745"}, {"name": "28943", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28943"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.boost.org/trac/boost/changeset/42674"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-2143"}, {"name": "FEDORA-2008-0880", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html"}, {"name": "28511", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28511"}, {"name": "20080213 rPSA-2008-0063-1 boost", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/488102/100/0/threaded"}, {"name": "28705", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28705"}, {"name": "28545", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28545"}, {"name": "SUSE-SR:2008:006", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"}, {"name": "GLSA-200802-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml"}, {"name": "28527", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28527"}, {"name": "USN-570-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-570-1"}, {"name": "29323", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29323"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=205955"}, {"name": "MDVSA-2008:032", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0172", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0063", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0063"}, {"name": "48099", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48099"}, {"name": "ADV-2008-0249", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0249"}, {"name": "27325", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27325"}, {"name": "28860", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28860"}, {"name": "http://svn.boost.org/trac/boost/changeset/42745", "refsource": "CONFIRM", "url": "http://svn.boost.org/trac/boost/changeset/42745"}, {"name": "28943", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28943"}, {"name": "http://svn.boost.org/trac/boost/changeset/42674", "refsource": "CONFIRM", "url": "http://svn.boost.org/trac/boost/changeset/42674"}, {"name": "https://issues.rpath.com/browse/RPL-2143", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-2143"}, {"name": "FEDORA-2008-0880", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html"}, {"name": "28511", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28511"}, {"name": "20080213 rPSA-2008-0063-1 boost", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/488102/100/0/threaded"}, {"name": "28705", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28705"}, {"name": "28545", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28545"}, {"name": "SUSE-SR:2008:006", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"}, {"name": "GLSA-200802-08", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml"}, {"name": "28527", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28527"}, {"name": "USN-570-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-570-1"}, {"name": "29323", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29323"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=205955", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=205955"}, {"name": "MDVSA-2008:032", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0172", "datePublished": "2008-01-17T22:00:00", "dateReserved": "2008-01-09T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:*:*:*:*:*:*", "matchCriteriaId": "B8517E55-4357-4AFD-B571-5533123CB014", "vulnerable": false}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "33904E65-D50D-4EAE-885D-FE2EBF535F18", "vulnerable": false}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:*:*:*:*:*:*", "matchCriteriaId": "F9A940B9-A553-4A0B-8ECF-52FD26894285", "vulnerable": false}, {"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "06FD8602-7069-41C6-B65C-84928EDCE2D6", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:boost:boost:1.33:*:*:*:*:*:*:*", "matchCriteriaId": "B7A527FE-ED5E-4C9A-823C-0D76B1885691", "vulnerable": true}, {"criteria": "cpe:2.3:a:boost:boost:1.34:*:*:*:*:*:*:*", "matchCriteriaId": "C9CAD8FD-3F47-4AA4-9B97-41892E58FB57", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression."}, {"lang": "es", "value": "La funci\u00f3n get_repeat_type en basic_regex_creator.hpp de la librer\u00eda de expresiones regulares (tambi\u00e9n conocido como Boost.Regex) de Boost 1.33 y 1.34 permite a atacantes remotos dependientes de contexto provocar una denegaci\u00f3n de servicio (referencia nula y ca\u00edda) mediante una expresi\u00f3n regular inv\u00e1lida."}], "id": "CVE-2008-0172", "lastModified": "2018-10-15T21:58:21.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-01-17T23:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=205955"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28511"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28527"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28545"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28705"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28860"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28943"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29323"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/48099"}, {"source": "cve@mitre.org", "url": "http://svn.boost.org/trac/boost/changeset/42674"}, {"source": "cve@mitre.org", "url": "http://svn.boost.org/trac/boost/changeset/42745"}, {"source": "cve@mitre.org", "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0063"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/488102/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27325"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-570-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0249"}, {"source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-2143"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "This issue did not affect the version of boost as shipped with Red Hat Enterprise Linux 4.\n\nFor Red Hat Enterprise Linux 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0172\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.", "lastModified": "2008-05-12T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}