Results of the Boost library security audit

The OSTIF (Open Source Technology Improvement Fund), created to strengthen the security of open source projects, has published the results of a security audit of the Boost library, which is used in many C++ projects. The audit, commissioned by OSTIF and Amazon Web Services and carried out by the Italian company Shielder, identified 7 problems: one was assigned medium severity, four were assigned low severity, and two were published as informational notes.

Libraries studied during the audit:

  • Boost.Beast
  • Boost.DLL
  • Boost.Date_Time
  • Boost.Filesystem
  • Boost.GIL
  • Boost.Graph
  • Boost.JSON
  • Boost.Program_Options
  • Boost.Regex
  • Boost.String_Algo
  • Boost.URL
  • Boost.UUID

Issues identified:

  • A vulnerability in Boost.Beast that allows carriage return and line feed (CRLF) characters to be injected into HTTP headers, which can be used for header splitting. The problem was assigned a medium severity level.
  • Stack overflow in the Boost.Regex library during recursive processing of multiple end_line elements in a regular expression.
  • Stack overflow in the Boost.Regex library during recursive processing of multiple capture and join groups.
  • Stack overflow in the Boost.Regex library during recursive processing of multiple open parentheses in a format string.
  • Stack overflow in the Boost.Graph library during recursive processing of multiple nested graphs.
  • An assertion triggered in the breadth_first_search function of the Boost.Graph library.
  • Uncaught exceptions in Boost.DLL.
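As an added illustration (not code from Boost, Boost.Beast or the audit report), the check below rejects HTTP header names and values that contain CR, LF or other control characters, the class of input the Boost.Beast header-splitting finding above concerns; the function names, the Header struct and the minimal serializer are assumptions, and the sample inputs are constructed.

```cpp
#include <string>
#include <vector>

// Validate a header field value per RFC 7230 field-content: VCHAR (0x21-0x7E),
// obs-text (0x80-0xFF), SP and HTAB are allowed; CR, LF, NUL, other control
// characters and DEL are rejected, so a value can never end the current header
// line and begin a new one.
bool is_safe_header_value(const std::string& value) {
    for (unsigned char c : value) {
        if (c == ' ' || c == '\t') continue;
        if (c < 0x21 || c == 0x7F) return false;
    }
    return true;
}

// Header field names are RFC 7230 tokens: non-empty, printable ASCII only,
// and none of the separator characters.
bool is_safe_header_name(const std::string& name) {
    static const std::string separators = "()<>@,;:\\\"/[]?={} \t";
    if (name.empty()) return false;
    for (unsigned char c : name) {
        if (c < 0x21 || c >= 0x7F) return false;
        if (separators.find(static_cast<char>(c)) != std::string::npos) return false;
    }
    return true;
}

struct Header {
    std::string name;
    std::string value;
};

// Serialize headers only after every name and value has been validated.
// Returns an empty string on failure so the caller refuses to send the
// request instead of emitting a split header block.
std::string serialize_headers(const std::vector<Header>& headers) {
    std::string out;
    for (const auto& h : headers) {
        if (!is_safe_header_name(h.name) || !is_safe_header_value(h.value)) {
            return std::string();
        }
        out += h.name;
        out += ": ";
        out += h.value;
        out += "\r\n";
    }
    out += "\r\n";  // blank line terminating the header block
    return out;
}
```

The same validation can sit in front of any header-setting API, including Beast's, so untrusted data reaches the serializer only after it has been confirmed free of line terminators.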

Based on the audit findings, the Boost development team has already fixed 4 issues and made 15 improvements to increase code and functionality coverage during fuzz testing. The header-splitting problem in Boost.Beast has not yet been fixed, and the informational recommendations have not been acted upon.
