CVE-2008-0172

2008-01-1723:00:00

CWE-20

mitre

web.nvd.nist.gov

cve-2008-0172

boost

regex library

denial of service

null dereference

crash

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

Confidence

Low

EPSS

0.027

Percentile

90.6%

JSON

The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression.

Affected configurations

Nvd

Node

ubuntuubuntu_linuxMatch6.06_lts

ubuntuubuntu_linuxMatch6.10

ubuntuubuntu_linuxMatch7.04

ubuntuubuntu_linuxMatch7.10

AND

boostboostMatch1.33

boostboostMatch1.34

VendorProductVersionCPE
ubuntuubuntu_linux6.06_ltscpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:*:*:*:*:*:*:*
ubuntuubuntu_linux6.10cpe:2.3:o:ubuntu:ubuntu_linux:6.10:*:*:*:*:*:*:*
ubuntuubuntu_linux7.04cpe:2.3:o:ubuntu:ubuntu_linux:7.04:*:*:*:*:*:*:*
ubuntuubuntu_linux7.10cpe:2.3:o:ubuntu:ubuntu_linux:7.10:*:*:*:*:*:*:*
boostboost1.33cpe:2.3:a:boost:boost:1.33:*:*:*:*:*:*:*
boostboost1.34cpe:2.3:a:boost:boost:1.34:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ubuntu	ubuntu_linux	6.06_lts	cpe:2.3:o:ubuntu:ubuntu_linux:6.06_lts:::::::*
ubuntu	ubuntu_linux	6.10	cpe:2.3:o:ubuntu:ubuntu_linux:6.10:::::::*
ubuntu	ubuntu_linux	7.04	cpe:2.3:o:ubuntu:ubuntu_linux:7.04:::::::*
ubuntu	ubuntu_linux	7.10	cpe:2.3:o:ubuntu:ubuntu_linux:7.10:::::::*
boost	boost	1.33	cpe:2.3:a:boost:boost:1.33:::::::*
boost	boost	1.34	cpe:2.3:a:boost:boost:1.34:::::::*