CVE-2022-46149 — Out-of-bounds Read in Capnp

CWE-125 — Out-of-bounds Read7 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 61.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Capnproto Capnproto Capnp Debian Capnproto +2 more

Timeline

PublishedNov 30

Latest updateDec 5

Description

Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:LExploitability: 2.8 | Impact: 2.5

Affected Packages7 packages

▶NVDcapnproto/capnp0.14.0 — 0.14.11+2

▶crates.iocapnproto/capnp0.15.0 — 0.15.2+5

▶debiandebian/capnproto< capnproto 0.9.2-2 (bookworm)

▶NVDcapnproto/capnproto0.9.0 — 0.9.2+3

▶Debiancapnproto/capnproto< 0.9.2-2+2

Also affects: Fedora 36, 37

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Cap'n Proto and its Rust implementation vulnerable to out-of-bounds read due to logic error handling list-of-list↗2022-12-05

▶

OSV

Cap'n Proto and its Rust implementation vulnerable to out-of-bounds read due to logic error handling list-of-list↗2022-12-05

▶

OSV

CVE-2022-46149: Cap'n Proto is a data interchange format and remote procedure call (RPC) system↗2022-11-30

▶

OSV

out-of-bounds read possible when setting list-of-pointers↗2022-11-30

▶

📋Vendor Advisories

Red Hat

capnproto: out of bounds read when handling a list of lists.↗2022-11-30

▶

Debian

CVE-2022-46149: capnproto - Cap'n Proto is a data interchange format and remote procedure call (RPC) system....↗2022

▶