CVE-2017-7892

Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
capnprotocapnproto
𝑥
≤ 0.5.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
capnproto
bullseye
0.7.0-7
fixed
bookworm
0.9.2-2
fixed
sid
1.0.1-4
fixed
trixie
1.0.1-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
capnproto
bionic
Fixed 0.6.1-1
released
artful
ignored
zesty
ignored
yakkety
ignored
xenial
Fixed 0.5.3-2ubuntu1.1
released
trusty
Fixed 0.4.0-1ubuntu2.1
released
precise
dne
Common Weakness Enumeration
References
https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md
https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md