FKIE_CVE-2008-0172

Vulnerability from fkie_nvd - Published: 2008-01-17 23:00 - Updated: 2025-04-09 00:30
Severity ?
Summary
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.
References
cve@mitre.orghttp://bugs.gentoo.org/show_bug.cgi?id=205955
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
cve@mitre.orghttp://secunia.com/advisories/28511
cve@mitre.orghttp://secunia.com/advisories/28527
cve@mitre.orghttp://secunia.com/advisories/28545
cve@mitre.orghttp://secunia.com/advisories/28705
cve@mitre.orghttp://secunia.com/advisories/28860
cve@mitre.orghttp://secunia.com/advisories/28943
cve@mitre.orghttp://secunia.com/advisories/29323
cve@mitre.orghttp://secunia.com/advisories/48099
cve@mitre.orghttp://svn.boost.org/trac/boost/changeset/42674
cve@mitre.orghttp://svn.boost.org/trac/boost/changeset/42745
cve@mitre.orghttp://wiki.rpath.com/Advisories:rPSA-2008-0063
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200802-08.xml
cve@mitre.orghttp://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032
cve@mitre.orghttp://www.securityfocus.com/archive/1/488102/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/27325
cve@mitre.orghttp://www.ubuntu.com/usn/usn-570-1
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0249
cve@mitre.orghttps://issues.rpath.com/browse/RPL-2143
cve@mitre.orghttps://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=205955
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28511
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28527
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28545
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28705
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28860
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28943
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29323
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48099
af854a3a-2127-422b-91ae-364da2661108http://svn.boost.org/trac/boost/changeset/42674
af854a3a-2127-422b-91ae-364da2661108http://svn.boost.org/trac/boost/changeset/42745
af854a3a-2127-422b-91ae-364da2661108http://wiki.rpath.com/Advisories:rPSA-2008-0063
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/488102/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27325
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-570-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0249
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-2143
af854a3a-2127-422b-91ae-364da2661108https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html
Impacted products
Vendor Product Version
ubuntu ubuntu_linux 6.06_lts
ubuntu ubuntu_linux 6.10
ubuntu ubuntu_linux 7.04
ubuntu ubuntu_linux 7.10
boost boost 1.33
boost boost 1.34
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8517E55-4357-4AFD-B571-5533123CB014",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "33904E65-D50D-4EAE-885D-FE2EBF535F18",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A940B9-A553-4A0B-8ECF-52FD26894285",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "06FD8602-7069-41C6-B65C-84928EDCE2D6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:boost:boost:1.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7A527FE-ED5E-4C9A-823C-0D76B1885691",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:boost:boost:1.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9CAD8FD-3F47-4AA4-9B97-41892E58FB57",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n get_repeat_type en basic_regex_creator.hpp de la librer\u00eda de expresiones regulares (tambi\u00e9n conocido como Boost.Regex) de Boost 1.33 y 1.34 permite a atacantes remotos dependientes de contexto provocar una denegaci\u00f3n de servicio (referencia nula y ca\u00edda) mediante una expresi\u00f3n regular inv\u00e1lida."
    }
  ],
  "id": "CVE-2008-0172",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-17T23:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=205955"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28511"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28527"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28545"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28705"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28860"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/28943"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/29323"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/48099"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.boost.org/trac/boost/changeset/42674"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.boost.org/trac/boost/changeset/42745"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0063"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/488102/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27325"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-570-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0249"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://issues.rpath.com/browse/RPL-2143"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=205955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28545"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/28943"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29323"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.boost.org/trac/boost/changeset/42674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.boost.org/trac/boost/changeset/42745"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200802-08.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/488102/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-570-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0249"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-2143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00760.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "This issue did not affect the version of boost as shipped with Red Hat Enterprise Linux 4.\n\nFor Red Hat Enterprise Linux 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0172\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.",
      "lastModified": "2008-05-12T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.