ALT-PU-2023-8418-2

Package update poco in branch sisyphus

Version1.12.5p1-alt1

Published2026-02-04

Max severityCRITICAL

Severity:

Closed issues (2)

CRITICAL9.8

Уязвимость функций convert() и queryConvert() коллекции библиотек классов POCO языка программирования C++, позволяющая нарушителю выполнить произвольный код

Published: 2025-04-23

CVSS 3.xCRITICAL 9.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2023-52389

CRITICAL9.8

UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.

Published: 2024-01-27Modified: 2025-05-29

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References