ID CVE-2015-2311
Summary Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message.
References
Vulnerable Configurations
  • cpe:2.3:a:capnproto:capnproto:0.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:capnproto:capnproto:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:capnproto:capnproto:0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:capnproto:capnproto:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:capnproto:capnproto:0.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:capnproto:capnproto:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:capnproto:capnproto:0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:capnproto:capnproto:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:capnproto:capnproto:0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:capnproto:capnproto:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:capnproto:capnproto:0.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:capnproto:capnproto:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:capnproto:capnproto:0.5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:capnproto:capnproto:0.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:capnproto:capnproto:0.5.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:capnproto:capnproto:0.5.1.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-08-2017 - 14:35)
Impact:
Exploitability:
CWE CWE-191
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm
misc https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780566
mlist [oss-security] 20150317 Re: CVE Request: Cap'n Proto: Several issues
Last major update 17-08-2017 - 14:35
Published 09-08-2017 - 18:29
Last modified 17-08-2017 - 14:35
Back to Top