CVE-2012-2677 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Pool
Severity
5.0 MEDIUM (NVD)
EPSS
0.8%
top 25.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 25
Latest update: Dec 10
Description
Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.
CVSS vector
AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9
Affected Packages: 3 packages
Patches
Vulnerability Details
1 GHSA