- Reported
-
- Issued
-
- Package
-
capnp
(crates.io)
- Type
-
Vulnerability
- Categories
-
- Aliases
-
- Details
-
https://github.com/capnproto/capnproto/tree/master/security-advisories/2022-11-30-0-pointer-list-bounds.md
- Patched
-
>=0.15.2^0.14.11^0.13.7
Description
If a message consumer expects data
of type "list of pointers",
and if the consumer performs certain specific actions on such data,
then a message producer can cause the consumer to read out-of-bounds memory.
This could trigger a process crash in the consumer,
or in some cases could allow exfiltration of private in-memory data.
The C++ Cap'n Proto library is also affected by this bug.
See the advisory
on the main Cap'n Proto repo for a succinct description of
the exact circumstances in which the problem can arise.