Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2022-46149

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
30/11/2022
Last modified:
07/11/2023

Description

Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. Cap'n Proto has C++ fixes available in versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3. The `capnp` Rust crate has fixes available in versions 0.13.7, 0.14.11, and 0.15.2.

Impact

Vector 3.x
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVSS v3.1 Severity and Metrics:

Base Score: 5.40 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Unchanged
Confidentiality (C): Low
Integrity (I): None
Availability (A): Low

Base Score 3.x
5.40
Severity 3.x
MEDIUM

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:capnproto:capnproto:*:*:*:*:*:*:*:* 0.7.1 (excluding)
cpe:2.3:a:capnproto:capnproto:*:*:*:*:*:*:*:* 0.9.0 (including) 0.9.2 (excluding)
cpe:2.3:a:capnproto:capnproto:*:*:*:*:*:*:*:* 0.10.0 (including) 0.10.3 (excluding)
cpe:2.3:a:capnproto:capnproto:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:capnproto:capnp:*:*:*:*:*:rust:*:* 0.13.7 (excluding)
cpe:2.3:a:capnproto:capnp:*:*:*:*:*:rust:*:* 0.14.0 (including) 0.14.11 (excluding)
cpe:2.3:a:capnproto:capnp:*:*:*:*:*:rust:*:* 0.15.0 (including) 0.15.2 (excluding)
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools