- Description
- regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:N/A:P
- nvd@nist.gov
- CWE-20
- Hype score
- Not currently trending
- Red HatThis issue did not affect the version of boost as shipped with Red Hat Enterprise Linux 4. For Red Hat Enterprise Linux 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0171 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:boost:boost:1.33:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7A527FE-ED5E-4C9A-823C-0D76B1885691"
},
{
"criteria": "cpe:2.3:a:boost:boost:1.34:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9CAD8FD-3F47-4AA4-9B97-41892E58FB57"
},
{
"criteria": "cpe:2.3:a:boost:boost_regex_library:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81538702-CFC1-4A99-96B9-F8745F8D1D53"
}
],
"operator": "OR"
}
]
}
]