CVE-2012-2677

Name: CVE-2012-2677
Description: Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: remote)
Debian Bugs: 677197, 688331

The information below is based on the following data on fixed versions.

Package    Type    Release     Fixed Version  Urgency  Origin  Debian Bugs
boost1.42  source  (unstable)  (unfixed)      low              688331
boost1.49  source  (unstable)  1.49.0-3.1     low              677197

Notes

[squeeze] - boost1.42 <no-dsa> (Minor issue)
