CVE-2022-46149

Description

If a message consumer expects data of type "list of pointers", and if the consumer performs certain specific actions on such data, then a message producer can cause the consumer to read out-of-bounds memory. This could trigger a process crash in the consumer, or in some cases could allow exfiltration of private in-memory data. The C++ Cap'n Proto library is also affected by this bug. See the [advisory](https://github.com/capnproto/capnproto/tree/master/security-advisories/2022-11-30-0-pointer-list-bounds.md) on the main Cap'n Proto repo for a succinct description of the exact circumstances in which the problem can arise.

Affected packages (4)

• crates.io/capnp>= 0.15.0, < 0.15.2
• crates.io/capnp>= 0.0.0-0, < 0.13.7, >= 0.14.0-0, < 0.14.11, >= 0.15.0-0, < 0.15.2
• Debian/capnprotofrom 0
• Debian/rust-capnpfrom 0, < 0.14.11-1.1

CVSS scores

References (13)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-46149
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-46149
• PATCHhttps://crates.io/crates/capnp
• PATCHhttps://github.com/capnproto/capnproto
• WEBhttps://dwrensha.github.io/capnproto-rust/2022/11/30/out_of_bounds_memory_access_bug.html
• WEBhttps://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9
• WEBhttps://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx
• WEBhttps://github.com/capnproto/capnproto/tree/master/security-advisories/2022-11-30-0-pointer-list-bounds.md
• WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/EAHKLUMJAXJEV5BPBS5XXWBQ3ZTHGOLY
• WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/PTS6TWD6K2NKXLEEFBPROQXMOFUTEYWY
• WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/WKXM4JAFXLTXU5IQB3OUBQVCIICZWGYX
• WEBhttps://lists.fedoraproject.org/archives/list/[email protected]/message/ZOCQQOPMVQOFUWBWAGVGN76OYAV3WXY4
• WEBhttps://rustsec.org/advisories/RUSTSEC-2022-0068.html