CVE-2017-7892

Priority
Low
Description
Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a
compiler optimization. A remote attacker can trigger a segfault in a 32-bit
libcapnp application because Cap'n Proto relies on pointer arithmetic
calculations that overflow. An example compiler with optimization that
elides a bounds check in such calculations is Apple LLVM version 8.1.0
(clang-802.0.41). The attack vector is a crafted far pointer within a
message.
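A generic illustration of the bug class described above, added here and not taken from Cap'n Proto's source: a bounds check that relies on detecting pointer wraparound, next to one that validates the untrusted counts as integers first. The function names, the `word` typedef and the 8-word segment are hypothetical and constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint64_t word;

/* Fragile form: builds the target with pointer arithmetic, then tests for
 * wraparound. Moving a pointer past the end of its object is undefined
 * behaviour, so an optimizer may assume `end >= start` always holds and
 * delete that test. On a 32-bit target a large count can wrap the address. */
static int check_fragile(const word *seg, size_t seg_words,
                         size_t offset, size_t count) {
    const word *start = seg + offset;
    const word *end = start + count;       /* may overflow: UB */
    return start >= seg && end <= seg + seg_words && end >= start;
}

/* Hardened form: compare the untrusted values as unsigned integers against
 * the segment length before any pointer is formed. The first test guarantees
 * that the subtraction in the second cannot underflow. */
static int check_hardened(size_t seg_words, size_t offset, size_t count) {
    return offset <= seg_words && count <= seg_words - offset;
}

/* Resolve an untrusted (offset, count) pair; NULL means reject the message. */
static const word *resolve(const word *seg, size_t seg_words,
                           size_t offset, size_t count) {
    if (!check_hardened(seg_words, offset, count)) return NULL;
    return seg + offset;                   /* in bounds by the check above */
}

int main(void) {
    static const word seg[8] = {0};        /* constructed 8-word segment */
    size_t huge = SIZE_MAX / sizeof(word); /* constructed out-of-range count */
    printf("in-range: %s\n", resolve(seg, 8, 2, 4) ? "ok" : "rejected");
    printf("overflow: %s\n", resolve(seg, 8, 2, huge) ? "ok" : "rejected");
    /* check_fragile is only called on in-range input, where it is defined. */
    printf("fragile, in-range: %d\n", check_fragile(seg, 8, 2, 4));
    return 0;
}
```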
Notes
 ratliff> Advisory: "Some bounds checks are elided by Apple's compiler and possibly others, leading to a possible attack especially in 32-bit builds."
 ratliff> Setting status to needs-triage to investigate whether it impacts Ubuntu
Package
Upstream: released (0.5.3.1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): needs-triage
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 17.04 (Zesty Zapus): ignored (reached end-of-life)
Ubuntu 17.10 (Artful Aardvark): needs-triage
Ubuntu 18.04 LTS (Bionic Beaver): needs-triage
Updated: 2018-01-15 13:29:56 UTC (commit 14005)