GoogleOSV:RUSTSEC-2022-0068out-of-bounds read possible when setting list-of-pointers
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.001 Low
EPSS
Percentile
47.3%
If a message consumer expects data
of type “list of pointers”,
and if the consumer performs certain specific actions on such data,
then a message producer can cause the consumer to read out-of-bounds memory.
This could trigger a process crash in the consumer,
or in some cases could allow exfiltration of private in-memory data.
The C++ Cap’n Proto library is also affected by this bug.
See the advisory
on the main Cap’n Proto repo for a succinct description of
the exact circumstances in which the problem can arise.
References
crates.io/crates/capnp
dwrensha.github.io/capnproto-rust/2022/11/30/out_of_bounds_memory_access_bug.html
github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx
github.com/capnproto/capnproto/tree/master/security-advisories/2022-11-30-0-pointer-list-bounds.md
rustsec.org/advisories/RUSTSEC-2022-0068.html
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.001 Low
EPSS
Percentile
47.3%