vsomeip

Boost zlib Remote Code Execution Vulnerability

Open aelfisha opened this issue 3 years ago • 2 comments
It was announced that Boost C++ Libraries versions ≤ 1.77.0 have a "Remote Code Execution" vulnerability because of a dependency on zlib. Is there any intention to update to Boost version >= 1.78.0?

An update to boost was done in 1.78.0 to mitigate the issue in zlib.

aelfisha, Jan 30 '22 14:01

@aelfisha Can you provide a link to the particular CVE or other reference to what you are thinking about?

In this search I did not find which one might apply: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=boost

Also did not find anything immediately in the release notes: https://www.boost.org/users/history/version_1_78_0.html

> It was announced

Where was it announced, please?

gunnarx, Feb 03 '22 15:02

@gunnarx Can you please check the link below? https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840

aelfisha, Feb 07 '22 14:02

Fixed in version 3.3.0 (master branch).

goncaloalmeida, Mar 15 '23 17:03