UBUNTU-CVE-2022-46149

Source
https://ubuntu.com/security/CVE-2022-46149
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-46149.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-46149
Related
Published
2022-11-30T17:15:00Z
Modified
2025-01-13T10:23:34Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
Summary
[none]
Details

Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proto prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2, are vulnerable to an out-of-bounds read due to a logic error in the handling of list-of-list. This issue may allow someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs certain additional actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. Cap'n Proto has C++ fixes available in versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3. The capnp Rust crate has fixes available in versions 0.13.7, 0.14.11, and 0.15.2.

References

Affected packages

Ubuntu:Pro:14.04:LTS / capnproto

Package

Name
capnproto
Purl
pkg:deb/ubuntu/capnproto@0.4.0-1ubuntu2.1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

0.*

0.2.1-1
0.4.0~git20131030+e7d2778-0ubuntu1
0.4.0-1ubuntu1
0.4.0-1ubuntu2
0.4.0-1ubuntu2.1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / capnproto

Package

Name
capnproto
Purl
pkg:deb/ubuntu/capnproto@0.5.3-2ubuntu1.1?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

0.*

0.4.0-1ubuntu3
0.5.3-2ubuntu1
0.5.3-2ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / capnproto

Package

Name
capnproto
Purl
pkg:deb/ubuntu/capnproto@0.5.3-2ubuntu1.1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

0.*

0.4.0-1ubuntu3
0.5.3-2ubuntu1
0.5.3-2ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / interchange

Package

Name
interchange
Purl
pkg:deb/ubuntu/interchange@5.7.7-2?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

5.*

5.7.7-2

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / capnproto

Package

Name
capnproto
Purl
pkg:deb/ubuntu/capnproto@0.6.1-1ubuntu1?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

0.*

0.5.3-2ubuntu2
0.6.1-1
0.6.1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / capnproto

Package

Name
capnproto
Purl
pkg:deb/ubuntu/capnproto@0.7.0-6?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

0.*

0.7.0-5
0.7.0-5build1
0.7.0-6

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / capnproto

Package

Name
capnproto
Purl
pkg:deb/ubuntu/capnproto@0.8.0-2ubuntu2?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version / all previous versions are affected)

Affected versions

0.*

0.7.0-7build1
0.8.0-2ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "low"
}