CVE-2015-2310Integer Overflow or Wraparound in Capnproto

CWE-190Integer Overflow or Wraparound4 documents4 sources
Severity
9.1CRITICALNVD
EPSS
0.5%
top 34.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
CapnprotoDebian Capnproto
Timeline
PublishedAug 9
Latest updateMay 13

Description

Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

debiandebian/capnproto< capnproto 0.4.1-3 (bookworm)
NVDcapnproto/capnproto0.5.00.5.1.1+1
Debiancapnproto/capnproto< 0.4.1-3+3

🔴Vulnerability Details

2
GHSA
GHSA-f93h-h245-gfpc: Integer overflow in layout2022-05-13
OSV
CVE-2015-2310: Integer overflow in layout2017-08-09

📋Vendor Advisories

1
Debian
CVE-2015-2310: capnproto - Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x...2015
CVE-2015-2310 — Integer Overflow or Wraparound | cvebase