Boost Users :
From: kamallochan Jena (kljena2050_at_[hidden])
Date: 2024-04-18 06:52:31
Hello everyone,
Hope you all are doing well.
There is a vulnerability reported in the Boost library, as mentioned below. Any
guidance, assistance or reply to this mail would be greatly appreciated.
*Vulnerability ID:* BDSA-2018-2656
*Vulnerability Details:*
Boost has a flaw in the function
boost::re_detail_NUMBER::basic_regex_creator which can lead to a buffer
over-read. An attacker can craft and send a malicious file which will
trigger the buffer over-read, leading to a denial-of-service.
A few queries w.r.t. the boost::re_detail_NUMBER::basic_regex_creator() function:
1. Does the Boost.Regex library or any Boost library internally use this
function?
2. If the answer is yes, which libraries use this function?
3. Is this a known vulnerability and is it fixed in the latest Boost
version? Please provide some insights (like any change list or file name
etc.).
Our project uses a Boost library (which has the file
"boost/regex/v4/basic_regex_creator.hpp") and uses Boost.Regex library
functions. *Should we be worried about this vulnerability (BDSA-2018-2656)
affecting our code?*
Thanks!
Boost-users list run by williamkempf at hotmail.com, kalb at libertysoft.com, bjorn.karlsson at readsoft.com, gregod at cs.rpi.edu, wekempf at cox.net