|
Boost : |
Subject: Re: [boost] [Locale] Security bug announcement - UTF-8 validation
From: Mathias Gaunard (mathias.gaunard_at_[hidden])
Date: 2013-01-04 11:23:09
On 04/01/13 16:00, Jookia wrote:
> Hello,
>
> Pardon my ignorance, but how would an invalid UTF-8 sequence cause a
> security threat? All I can think it would do is create garbage.
Different software treat malformed UTF-8 sequences differently. One
piece of software may consider that the sequence contains some special
characters while others might not.
This can be used for SQL injection among others.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk