Hi
We conducted a software composition analysis scan with Black Duck Hub and found the following:
(1) BDSA-2018-2656
Boost has a flaw in the function boost::re_detail_NUMBER::basic_regex_creator which can lead to a buffer over-read. An attacker can craft and send a malicious file which will trigger the buffer over-read, leading to a denial-of-service.
The vulnerability can be exploited by local attackers via import of a maliciously crafted file or by remote attackers that send the file to a victim. The Boost software will crash when the file is imported into the library.
Details: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6708
(2) BDSA-2018-1263
Boost incorrectly casts from "boost::detail::shared_count::shared_count" to "boost::detail::sp_counted_base" causing type confusion leading to a denial-of-service (DoS).
Details: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4680
Please advise if the following has a patch.