If a message consumer expects data
of type “list of pointers”,
and if the consumer performs certain specific actions on such data,
then a message producer can cause the consumer to read out-of-bounds memory.
This could trigger a process crash in the consumer,
or in some cases could allow exfiltration of private in-memory data.
The C++ Cap’n Proto library is also affected by this bug.
See the advisory
on the main Cap’n Proto repo for a succinct description of
the exact circumstances in which the problem can arise.