[Secure-testing-team] Bug#860960: capnproto: CVE-2017-7892
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 22 17:43:07 UTC 2017
Source: capnproto
Version: 0.5.3-2
Severity: minor
Tags: upstream security fixed-upstream

Hi,

the following vulnerability was published for capnproto.

CVE-2017-7892[0]:
| Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a
| compiler optimization. A remote attacker can trigger a segfault in a
| 32-bit libcapnp application because Cap'n Proto relies on pointer
| arithmetic calculations that overflow. An example compiler with
| optimization that elides a bounds check in such calculations is Apple
| LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far
| pointer within a message.

So far only Apple's compiler has been shown to apply the problematic
optimization. The issue though is fixed in 0.5.3.1 and this bug report
is to help track the fix so that we can properly update the fixing
version once the fix lands in the archive.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7892
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7892

Regards,
Salvatore
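
The class of check the CVE text describes, shown as an added example that is not part of the original message and is not Cap'n Proto's code: a bounds test that depends on pointer arithmetic wrapping, next to a form that compares integer lengths only. The names `segment_t`, `in_bounds_fragile`, `in_bounds_safe`, `resolve` and the 4-word sample segment are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical segment descriptor for illustration; not Cap'n Proto's types. */
typedef struct {
    const uint64_t *start; /* first word of the segment */
    size_t words;          /* segment length in 8-byte words */
} segment_t;

/* Fragile: forms the target pointers first, then tests for wraparound.
 * Pointer arithmetic beyond one-past-the-end is undefined behaviour, so an
 * optimizer may assume `from <= to` always holds and delete that test. */
bool in_bounds_fragile(const segment_t *seg, size_t offset, size_t count) {
    const uint64_t *from = seg->start + offset;
    const uint64_t *to = from + count;
    return from <= to && to <= seg->start + seg->words;
}

/* Hardened: compares unsigned integers only. `words - offset` cannot wrap
 * because offset <= words is established first, and no pointer is formed. */
bool in_bounds_safe(const segment_t *seg, size_t offset, size_t count) {
    return offset <= seg->words && count <= seg->words - offset;
}

/* Returns the target word, or NULL when the request leaves the segment. */
const uint64_t *resolve(const segment_t *seg, size_t offset, size_t count) {
    if (!in_bounds_safe(seg, offset, count))
        return NULL;
    return seg->start + offset; /* in range, so this arithmetic is defined */
}

/* Constructed 4-word segment used as sample input. */
static const uint64_t sample_words[4] = {1, 2, 3, 4};
const segment_t sample = {sample_words, 4};

int main(void) {
    /* An offset large enough that start + offset would wrap the address space. */
    size_t huge = SIZE_MAX / sizeof(uint64_t);
    printf("in range:    %d\n", resolve(&sample, 1, 2) != NULL);
    printf("past end:    %d\n", resolve(&sample, 3, 2) != NULL);
    printf("wrap offset: %d\n", resolve(&sample, huge, 1) != NULL);
    return 0;
}
```

`in_bounds_fragile` is only safe to call with values that stay inside the segment; it is shown for comparison and `resolve` never uses it.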