CVE-2022-46149

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-46149
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-46149.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-46149
Aliases
Related
Published
2022-11-30T17:15:10Z
Modified
2025-01-15T03:59:08.227269Z
Downstream
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVSS Calculator
Summary
[none]
Details

Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. Cap'n Proto has C++ fixes available in versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3. The capnp Rust crate has fixes available in versions 0.13.7, 0.14.11, and 0.15.2.

References

Affected packages

Debian:11 / capnproto

Package

Name
capnproto
Purl
pkg:deb/debian/capnproto?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.7.0-7
0.8.0-1
0.8.0-2
0.8.0-3
0.9.1-1
0.9.1-2
0.9.1-3
0.9.1-4
0.9.2-1
0.9.2-2
0.9.2-3
0.9.2-4

1.*

1.0.1-1
1.0.1-2
1.0.1-3
1.0.1-4
1.1.0-1
1.1.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / capnproto

Package

Name
capnproto
Purl
pkg:deb/debian/capnproto?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.2-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / capnproto

Package

Name
capnproto
Purl
pkg:deb/debian/capnproto?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.2-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / rust-capnp

Package

Name
rust-capnp
Purl
pkg:deb/debian/rust-capnp?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.14.11-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / rust-capnp

Package

Name
rust-capnp
Purl
pkg:deb/debian/rust-capnp?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.14.11-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/capnproto/capnproto

Affected ranges

Type
GIT
Repo
https://github.com/capnproto/capnproto
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed