CVE-2017-7892

Priority
Low
Description
Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a
compiler optimization. A remote attacker can trigger a segfault in a 32-bit
libcapnp application because Cap'n Proto relies on pointer arithmetic
calculations that overflow. An example compiler with optimization that
elides a bounds check in such calculations is Apple LLVM version 8.1.0
(clang-802.0.41). The attack vector is a crafted far pointer within a
message.
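
The failure mode described above, as an added illustration (not Cap'n Proto's code): it models a 32-bit address space with `uint32_t` so the wrap-around is well defined, and compares a check that forms an address from an untrusted offset with one that compares word counts only. The names `segment32`, `bounds_check_after_elision` and `bounds_check_by_offset`, and all sample values, are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define WORD_BYTES 8u

/* Constructed model of a segment in a 32-bit process. */
typedef struct {
    uint32_t start;  /* address of the first byte of the segment */
    uint32_t words;  /* segment size in 8-byte words */
} segment32;

/* Fragile pattern: build the target address first, then compare addresses.
 * With real pointers the only wrap guard is a test such as
 * `target < start`, which a compiler may delete because pointer overflow
 * is undefined behaviour. This models the check left after that deletion. */
bool bounds_check_after_elision(const segment32 *seg, uint32_t off_words,
                                uint32_t len_words) {
    uint32_t target = seg->start + off_words * WORD_BYTES; /* may wrap */
    uint32_t last = target + len_words * WORD_BYTES;       /* may wrap */
    uint32_t end = seg->start + seg->words * WORD_BYTES;
    return last <= end;
}

/* Hardened pattern: never form an address from untrusted input.
 * Compare word counts; the subtraction cannot underflow. */
bool bounds_check_by_offset(const segment32 *seg, uint32_t off_words,
                            uint32_t len_words) {
    if (off_words > seg->words)
        return false;
    return len_words <= seg->words - off_words;
}

int main(void) {
    /* Constructed values: a segment near the top of the address space and
     * an offset large enough to wrap the 32-bit address computation. */
    segment32 seg = { 0xFFFF0000u, 0x100u };
    uint32_t crafted_off = 0x1FFFF000u;
    printf("address compare accepts crafted offset: %d\n",
           bounds_check_after_elision(&seg, crafted_off, 1u));
    printf("offset compare accepts crafted offset:  %d\n",
           bounds_check_by_offset(&seg, crafted_off, 1u));
    return 0;
}
```
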
Notes
 ratliff> Advisory: "Some bounds checks are elided by Apple's compiler and possibly others, leading to a possible attack especially in 32-bit builds."
 ratliff> Setting status to needs-triage to investigate whether it impacts Ubuntu
Package
Upstream:released (0.5.3.1)
Ubuntu 17.10 (Artful Aardvark):needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 17.04 (Zesty Zapus):needs-triage
Updated: 2017-08-11 23:26:46 UTC (commit 13081)