cpe:/a:boost:pool:1.0.0 cpe:/a:boost:pool:2.0.0 CVE-2012-2677 2012-07-25T15:55:03.023-04:00 2013-12-05T00:14:10.157-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2013-10-07T12:56:02.853-04:00 FEDORA FEDORA-2012-9029 FEDORA FEDORA-2012-9818 MANDRIVA MDVSA-2013:065 MLIST [oss-security] 20120605 memory allocator upstream patches MLIST [oss-security] 20120607 Re: memory allocator upstream patches MISC http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/ CONFIRM https://svn.boost.org/trac/boost/changeset/78326 CONFIRM https://svn.boost.org/trac/boost/ticket/6701 Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.