CVE-2008-0171
Summary
| CVE | CVE-2008-0171 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-01-17 23:00:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
NoneIntegrity
NoneAvailability
PartialAV:N/AC:L/Au:N/C:N/I:N/A:P
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Changeset 42674 – Boost C++ Libraries | af854a3a-2127-422b-91ae-364da2661108 | svn.boost.org | Exploit |
| Gentoo update for boost - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| SUSE Update for Multiple Packages - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Fedora update for boost - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Gentoo Bug 205955 - dev-libs/boost < 1.34.1-r2 Two DoS vulnerabilities (CVE-2008-{0171,0172}) | af854a3a-2127-422b-91ae-364da2661108 | bugs.gentoo.org | |
| Boost: Denial of Service — Gentoo Linux Documentation | af854a3a-2127-422b-91ae-364da2661108 | www.gentoo.org | |
| Boost Library Regular Expression Remote Denial of Service Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| [SECURITY] Fedora 7 Update: boost-1.33.1-15.fc7 | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| [security-announce] SUSE Security Summary Report SUSE-SR:2008:006 | af854a3a-2127-422b-91ae-364da2661108 | lists.opensuse.org | |
| USN-570-1: boost vulnerabilities | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | |
| Webmail - OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| Changeset 42745 – Boost C++ Libraries | af854a3a-2127-422b-91ae-364da2661108 | svn.boost.org | Exploit |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| wiki.rpath.com/Advisories:rPSA-2008-0063 | af854a3a-2127-422b-91ae-364da2661108 | wiki.rpath.com | |
| Advisories | Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | |
| Boost Regular Expressions Denial of Service Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| issues.rpath.com/browse/RPL-2143 | af854a3a-2127-422b-91ae-364da2661108 | issues.rpath.com | |
| Mandriva update for boost - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| rPath update for boost - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Ubuntu update for boost - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Security Advisory SA48099 - Red Hat update for boost - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2008-05-12 | Mark J Cox | This issue did not affect the version of boost as shipped with Red Hat Enterprise Linux 4. For Red Hat Enterprise Linux 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0171 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. |
There are currently no legacy QID mappings associated with this CVE.