EUVD-2013-0283

Malware in sbrugna...

Input validation

boost::locale::utf::utftraits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes...

CVE-2013-0252

The CVE-2013-0252 entry concerns Boost.Locale’s boost::locale::utf::utf_traits, where Boost versions 1.48–1.52 fail to detect certain invalid UTF-8 sequences. This could allow bypassing input validation via crafted trailing bytes. Connected advisories (openSUSE, SUSE, Mandriva/MDVSA-2013:065, Fed...

CVE-2013-0252

boost::locale::utf::utftraits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes...

Fedora 18 : boost-1.50.0-5.fc18 (2013-2448)

This update fixes classifying incomplete UTF-8 sequences in Boost.Locale. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

CVE-2013-0252

boost::locale::utf::utftraits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes...

Fedora 17 : boost-1.48.0-13.fc17 (2012-9818)

This update fixes a bug in Boost.Pool, which could under certain circumstances overflow allocated chunk size. This could have security implications for applications that use Boost pool without sanitizing pool parameters. - Boost.Locale library now contains backend code, which was left out before...