CVE-2015-2311Integer Underflow (Wrap or Wraparound) in Capnproto

CWE-191Integer Underflow (Wrap or Wraparound)CWE-125Out-of-bounds ReadCWE-416Use After FreeCWE-352Cross-Site Request ForgeryCWE-305Authentication Bypass by Primary WeaknessCWE-122Heap-based Buffer OverflowCWE-704Incorrect Type Conversion or CastCWE-787Out-of-bounds Write21 documents6 sources
Severity
9.8CRITICALNVD
EPSS
1.0%
top 23.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
CapnprotoDebian Capnproto
Timeline
PublishedAug 9
Latest updateMay 17

Description

Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

debiandebian/capnproto< capnproto 0.4.1-3 (bookworm)
Debiancapnproto/capnproto< 0.4.1-3+3
NVDcapnproto/capnproto0.4.1.0+2

🔴Vulnerability Details

2
GHSA
GHSA-w3xw-rq95-8jcw: Integer underflow in Sandstorm Cap'n Proto before 02022-05-17
OSV
CVE-2015-2311: Integer underflow in Sandstorm Cap'n Proto before 02017-08-09

💥Exploits & PoCs

4
Exploit-DB
Adobe Flash - Out-of-Bounds Read in UTF Conversion2015-08-19
Exploit-DB
Adobe Flash AS2 - textfield.filters Use-After-Free (2)2015-08-19
Exploit-DB
Adobe Flash AS2 - MovieClip.scrollRect Use-After-Free2015-08-19
Exploit-DB
Adobe Flash AS2 - Color.setRGB Use-After-Free2015-08-19

📋Vendor Advisories

14
Red Hat
chromium-browser: Out-of-bounds read in WebGL2015-04-14
Red Hat
chromium-browser: Use-after-free in IPC2015-04-14
Red Hat
chromium-browser: Cross-origin-bypass in Blink2015-04-14
Red Hat
chromium-browser: HSTS bypass in WebSockets2015-04-14
Red Hat
chromium-browser: Cross-origin-bypass in HTML parser2015-04-14
CVE-2015-2311 — Integer Underflow (Wrap or Wraparound) | cvebase