RUSTSEC-2022-0068: out-of-bounds read possible when setting list-of-pointers

| Details |  |
| --- | --- |
| Package | `capnp` |
| Version | `0.15.0` |
| URL | https://github.com/capnproto/capnproto/tree/master/security-advisories/2022-11-30-0-pointer-list-bounds.md |
| Patched Versions | >=0.15.2 OR ^0.14.11 OR ^0.13.7 |
| Aliases | [CVE-2022-46149](https://nvd.nist.gov/vuln/detail/CVE-2022-46149), [GHSA-qqff-4vw4-f6hx](https://github.com/advisories/GHSA-qqff-4vw4-f6hx) |


If a message consumer expects data
of type "list of pointers",
and if the consumer performs certain specific actions on such data,
then a message producer can cause the consumer to read out-of-bounds memory.
This could trigger a process crash in the consumer,
or in some cases could allow exfiltration of private in-memory data.

The C++ Cap'n Proto library is also affected by this bug.
See the [advisory](https://github.com/capnproto/capnproto/tree/master/security-advisories/2022-11-30-0-pointer-list-bounds.md)
on the main Cap'n Proto repo for a succinct description of
the exact circumstances in which the problem can arise.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

RUSTSEC-2022-0068: out-of-bounds read possible when setting list-of-pointers #12

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Details
Package	`capnp`
Version	`0.15.0`
URL	https://github.com/capnproto/capnproto/tree/master/security-advisories/2022-11-30-0-pointer-list-bounds.md
Patched Versions	>=0.15.2 OR ^0.14.11 OR ^0.13.7
Aliases	CVE-2022-46149, GHSA-qqff-4vw4-f6hx

RUSTSEC-2022-0068: out-of-bounds read possible when setting list-of-pointers #12

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions