Lucene search

Ubuntu.comUB:CVE-2022-46149

HistoryNov 30, 2022 - 12:00 a.m.

CVE-2022-46149

2022-11-3000:00:00

ubuntu.com

cap'n proto

rpc system

out-of-bounds read

logic error

remote peer

segfault

memory exfiltration

rebuilding applications

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

EPSS

0.002

Percentile

51.6%

JSON

Cap’n Proto is a data interchange format and remote procedure call (RPC)
system. Cap’n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as
well as versions of Cap’n Proto’s Rust implementation prior to 0.13.7,
0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error
handling list-of-list. This issue may lead someone to remotely segfault a
peer by sending it a malicious message, if the victim performs certain
actions on a list-of-pointer type. Exfiltration of memory is possible if
the victim performs additional certain actions on a list-of-pointer type.
To be vulnerable, an application must perform a specific sequence of
actions, described in the GitHub Security Advisory. The bug is present in
inlined code, therefore the fix will require rebuilding dependent
applications. Cap’n Proto has C++ fixes available in versions 0.7.1, 0.8.1,
0.9.2, and 0.10.3. The capnp Rust crate has fixes available in versions
0.13.7, 0.14.11, and 0.15.2.

Notes

Author	Note
mdeslaur	Per upstream: “Unfortunately, the bug is present in inlined code, therefore the fix will require rebuilding dependent applications.” “To be vulnerable, an application must perform a specific sequence of actions, described below. At present, we are not aware of any vulnerable application, but we advise updating regardless.” capnproto is in main in bionic and focal only, and the only reverse depends in main is mir The upstream fix introduces changes both to inline code and to the library which means fixing this will break ABI. Due to the likelyhood of breaking applications, and the fact that it is unlikely applications do the specific sequence of actions to trigger this vulnerability, we will not be fixing this issue in Ubuntu.

Author

Note

mdeslaur

Per upstream: “Unfortunately, the bug is present in inlined code, therefore the fix will require rebuilding dependent applications.” “To be vulnerable, an application must perform a specific sequence of actions, described below. At present, we are not aware of any vulnerable application, but we advise updating regardless.” capnproto is in main in bionic and focal only, and the only reverse depends in main is mir The upstream fix introduces changes both to inline code and to the library which means fixing this will break ABI. Due to the likelyhood of breaking applications, and the fact that it is unlikely applications do the specific sequence of actions to trigger this vulnerability, we will not be fixing this issue in Ubuntu.

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchinterchange< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	interchange	< any	UNKNOWN

References

dwrensha.github.io/capnproto-rust/2022/11/30/out_of_bounds_memory_access_bug.html

github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx

launchpad.net/bugs/cve/CVE-2022-46149

nvd.nist.gov/vuln/detail/CVE-2022-46149

security-tracker.debian.org/tracker/CVE-2022-46149

www.cve.org/CVERecord?id=CVE-2022-46149

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

EPSS

0.002

Percentile

51.6%

JSON

Related for UB:CVE-2022-46149