CVE-2017-7892

Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:capnproto:capnproto:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-04-17 21:59

Updated : 2024-02-04 19:11

NVD link : CVE-2017-7892

Mitre link : CVE-2017-7892

CVE.ORG link : CVE-2017-7892

JSON object : View

Products Affected

capnproto

capnproto

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2017-7892", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-04-17T21:59:00.403", "references": [{"url": "https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message."}, {"lang": "es", "value": "Sandstorm Cap'n Proto en versiones anteriores a 0.5.3.1 permite bloqueos a distancia relacionados con una optimizaci\u00f3n del compilador. Un atacante remoto puede desencadernar un segfault en una aplicaci\u00f3n libcapnp de 32 bits porque Cap'n Proto se basa en c\u00e1lculos aritm\u00e9ticos de puntero que se desbordan. Un compilador de ejemplo con optimizaci\u00f3n que elide una comprobaci\u00f3n de l\u00edmites en tales c\u00e1lculos es Apple LLVM versi\u00f3n 8.1.0 (clang-802.0.41). El vector de ataque es un puntero lejano elaborado dentro de una mensaje."}], "lastModified": "2017-04-25T18:53:57.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:capnproto:capnproto:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD3046D3-7D44-4255-9649-AD15D53B6303", "versionEndIncluding": "0.5.3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}