RUSTSEC-2022-0068
out-of-bounds read possible when setting list-of-pointers
- Reported
- Issued
- Package
- capnp (crates.io)
- Type
- Vulnerability
- Categories
- Aliases
- References
- Patched
-
>=0.15.2
^0.14.11
^0.13.7
Description
If a message consumer expects data of type "list of pointers", and if the consumer performs certain specific actions on such data, then a message producer can cause the consumer to read out-of-bounds memory. This could trigger a process crash in the consumer, or in some cases could allow exfiltration of private in-memory data.
The C++ Cap'n Proto library is also affected by this bug. See the advisory on the main Cap'n Proto repo for a succinct description of the exact circumstances in which the problem can arise.
Advisory available under CC0-1.0 license.