| Name | CVE-2013-0252 |
| Description | boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input validation protection mechanisms via crafted trailing bytes. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 699649, 699650 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| boost1.42 | source | (unstable) | (not affected) | |||
| boost1.49 | source | (unstable) | 1.49.0-3.2 | 699649 | ||
| boost1.50 | source | (unstable) | (unfixed) | 699650 |
- boost1.42 <not-affected> (Boost.Locale was not part of boost until 1.48.0, bug #699719)