CVE-2015-2310
Description
Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
CVE-2015-2310 NameCVE-2015-2310 DescriptionInteger overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation. SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE…
CVE-2015-2310
| Name | CVE-2015-2310 |
| Description | Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 780565 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| capnproto (PTS) | bullseye | 0.7.0-7 | fixed |
| bookworm | 0.9.2-2 | fixed | |
| trixie | 1.1.0-2 | fixed | |
| forky, sid | 1.4.0-3 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| capnproto | source | (unstable) | 0.4.1-3 | 780565 |
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 0.4.1-3 |
| debian | bullseye | fixed | 0.4.1-3 |
| debian | forky | fixed | 0.4.1-3 |
| debian | sid | fixed | 0.4.1-3 |
| debian | trixie | fixed | 0.4.1-3 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| capnproto | capnproto | {"endExcluding":"0.4.1.1"} | 0.4.1.1 |
References
- http://www.openwall.com/lists/oss-security/2015/03/17/3
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780565
- https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-0-c%2B%2B-integer-overflow.md
- https://github.com/capnproto/capnproto/commit/f343f0dbd0a2e87f17cd74f14186ed73e3fbdbfa
- https://security-tracker.debian.org/tracker/CVE-2015-2310
CWEs
CWE-190
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.