CVSS: 5.4EPSS: 0%CPEs: 9EXPL: 0CVE-2022-46149 – Cap'n Proto vulnerable to out-of-bounds read due to logic error handling list-of-list.
https://notcve.org/view.php?id=CVE-2022-46149
Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. • https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9 https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAHKLUMJAXJEV5BPBS5XXWBQ3ZTHGOLY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTS6TWD6K2NKXLEEFBPROQXMOFUTEYWY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKXM4JAFXLTXU5IQB3OUBQVCIICZWGYX https://lists.fedoraproj • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2015-2313
https://notcve.org/view.php?id=CVE-2015-2313
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-2312. Sandstorm Cap’n Proto en versiones anteriores a la 0.4.1.1 y en versiones 0.5.x anteriores a la 0.5.1.2, cuando una aplicación invoca el método totalSize en un lector de objetos, permite que pares remotos provoquen una denegación de servicio (consumo de CPU) mediante un mensaje pequeño manipulado, que desencadena un "tight" en bucle. NOTA: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-2312. • http://www.openwall.com/lists/oss-security/2015/03/17/3 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780568 https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-05-0-c%2B%2B-addl-cpu-amplification.md https://github.com/capnproto/capnproto/commit/80149744bdafa3ad4eedc83f8ab675e27baee868 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7892
https://notcve.org/view.php?id=CVE-2017-7892
Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message. Sandstorm Cap'n Proto en versiones anteriores a 0.5.3.1 permite bloqueos a distancia relacionados con una optimización del compilador. • https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md • CWE-20: Improper Input Validation •