Unrated severityNVD Advisory· Published Jul 25, 2012· Updated Apr 29, 2026

CVE-2012-2677

Description

Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool before 3.9 makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large memory chunk size value, which causes less memory to be allocated than expected.

Affected products

Boost/Pool2 versions
cpe:2.3:a:boost:pool:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:boost:pool:*:*:*:*:*:*:*:*range: <=1.0.0
- cpe:2.3:a:boost:pool:2.0.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

svn.boost.org/trac/boost/changeset/78326nvdExploitPatch
kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/nvd
lists.fedoraproject.org/pipermail/package-announce/2012-July/083416.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2012-June/082977.htmlnvd
www.mandriva.com/security/advisoriesnvd
www.openwall.com/lists/oss-security/2012/06/05/1nvd
www.openwall.com/lists/oss-security/2012/06/07/13nvd
security.gentoo.org/glsa/202105-04nvd
svn.boost.org/trac/boost/ticket/6701nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000