{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-46149", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2024-08-03T14:24:03.395Z", "dateReserved": "2022-11-28T00:00:00", "datePublished": "2022-11-30T00:00:00"}, "containers": {"cna": {"title": "Cap'n Proto vulnerable to out-of-bounds read due to logic error handling list-of-list.", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-12-10T00:00:00"}, "descriptions": [{"lang": "en", "value": "Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. Cap'n Proto has C++ fixes available in versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3. The `capnp` Rust crate has fixes available in versions 0.13.7, 0.14.11, and 0.15.2."}], "affected": [{"vendor": "capnproto", "product": "capnproto", "versions": [{"version": "< 0.7.1", "status": "affected"}, {"version": ">= 0.8.0, < 0.8.1", "status": "affected"}, {"version": ">= 0.9.0, < 0.9.2", "status": "affected"}, {"version": ">= 0.10.0, < 0.10.3", "status": "affected"}, {"version": ">= 0.13.0, < 0.13.7", "status": "affected"}, {"version": ">= 0.14.0, < 0.14.11", "status": "affected"}, {"version": ">= 0.15.0, < 0.15.2", "status": "affected"}]}], "references": [{"url": "https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx"}, {"url": "https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9"}, {"name": "FEDORA-2022-5d37367673", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKXM4JAFXLTXU5IQB3OUBQVCIICZWGYX/"}, {"name": "FEDORA-2022-18023b665f", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOCQQOPMVQOFUWBWAGVGN76OYAV3WXY4/"}, {"name": "FEDORA-2022-fd7eeedd02", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTS6TWD6K2NKXLEEFBPROQXMOFUTEYWY/"}, {"name": "FEDORA-2022-7002ec8b22", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAHKLUMJAXJEV5BPBS5XXWBQ3ZTHGOLY/"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-125: Out-of-bounds Read", "cweId": "CWE-125"}]}], "source": {"advisory": "GHSA-qqff-4vw4-f6hx", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:24:03.395Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx", "tags": ["x_transferred"]}, {"url": "https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-5d37367673", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKXM4JAFXLTXU5IQB3OUBQVCIICZWGYX/"}, {"name": "FEDORA-2022-18023b665f", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOCQQOPMVQOFUWBWAGVGN76OYAV3WXY4/"}, {"name": "FEDORA-2022-fd7eeedd02", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTS6TWD6K2NKXLEEFBPROQXMOFUTEYWY/"}, {"name": "FEDORA-2022-7002ec8b22", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAHKLUMJAXJEV5BPBS5XXWBQ3ZTHGOLY/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:capnproto:capnproto:*:*:*:*:*:*:*:*", "matchCriteriaId": "D329C641-F7C9-4A6F-8398-BC0A36227B7A", "versionEndExcluding": "0.7.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:capnproto:capnproto:*:*:*:*:*:*:*:*", "matchCriteriaId": "F23D31E1-3EC5-4BA9-BD74-D27A6FA809DE", "versionEndExcluding": "0.9.2", "versionStartIncluding": "0.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:capnproto:capnproto:*:*:*:*:*:*:*:*", "matchCriteriaId": "99639291-62E7-4D6E-97E4-C673B77A4FA9", "versionEndExcluding": "0.10.3", "versionStartIncluding": "0.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:capnproto:capnproto:0.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "91549D17-7798-4A38-B7B9-E6A0417063E9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:capnproto:capnp:*:*:*:*:*:rust:*:*", "matchCriteriaId": "893E526B-29B6-4FEE-A447-EDDF585FEB52", "versionEndExcluding": "0.13.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:capnproto:capnp:*:*:*:*:*:rust:*:*", "matchCriteriaId": "AA32CD2C-881D-4D86-BF91-B95E33A88B34", "versionEndExcluding": "0.14.11", "versionStartIncluding": "0.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:capnproto:capnp:*:*:*:*:*:rust:*:*", "matchCriteriaId": "1A3D361A-8BCB-4E0F-A4E3-53F989AAC9FC", "versionEndExcluding": "0.15.2", "versionStartIncluding": "0.15.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. Cap'n Proto has C++ fixes available in versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3. The `capnp` Rust crate has fixes available in versions 0.13.7, 0.14.11, and 0.15.2."}, {"lang": "es", "value": "Cap'n Proto es un formato de intercambio de datos y un sistema de llamada a procedimiento remoto (RPC). Cap'n Proro anterior a las versiones 0.7.1, 0.8.1, 0.9.2 y 0.10.3, as\u00ed como las versiones de la implementaci\u00f3n Rust de Cap'n Proto anteriores a 0.13.7, 0.14.11 y 0.15.2 son vulnerable a lecturas fuera de l\u00edmites debido a un error l\u00f3gico al manejar la lista de listas. Este problema puede llevar a que alguien segmente remotamente a un par envi\u00e1ndole un mensaje malicioso, si la v\u00edctima realiza ciertas acciones en un tipo de lista de punteros. La exfiltraci\u00f3n de memoria es posible si la v\u00edctima realiza ciertas acciones adicionales en un tipo de lista de punteros. Para ser vulnerable, una aplicaci\u00f3n debe realizar una secuencia espec\u00edfica de acciones, descrita en el Aviso de seguridad de GitHub. El error est\u00e1 presente en el c\u00f3digo integrado, por lo que para solucionarlo ser\u00e1 necesario reconstruir las aplicaciones dependientes. Cap'n Proto tiene correcciones de C++ disponibles en las versiones 0.7.1, 0.8.1, 0.9.2 y 0.10.3. La caja Rust `capnp` tiene correcciones disponibles en las versiones 0.13.7, 0.14.11 y 0.15.2."}], "id": "CVE-2022-46149", "lastModified": "2024-11-21T07:30:12.407", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-30T17:15:10.097", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAHKLUMJAXJEV5BPBS5XXWBQ3ZTHGOLY/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTS6TWD6K2NKXLEEFBPROQXMOFUTEYWY/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKXM4JAFXLTXU5IQB3OUBQVCIICZWGYX/"}, {"source": "security-advisories@github.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOCQQOPMVQOFUWBWAGVGN76OYAV3WXY4/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAHKLUMJAXJEV5BPBS5XXWBQ3ZTHGOLY/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTS6TWD6K2NKXLEEFBPROQXMOFUTEYWY/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WKXM4JAFXLTXU5IQB3OUBQVCIICZWGYX/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZOCQQOPMVQOFUWBWAGVGN76OYAV3WXY4/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:1408", "cpe": "cpe:/a:redhat:openshift:4.12::el8", "package": "conmon-rs-0:0.5.1-3.rhaos4.12.git.el8", "product_name": "Red Hat OpenShift Container Platform 4.12", "release_date": "2023-03-27T00:00:00Z"}], "bugzilla": {"description": "capnproto: out of bounds read when handling a list of lists.", "id": "2150074", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150074"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "status": "verified"}, "cwe": "CWE-125", "details": ["Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. Cap'n Proto has C++ fixes available in versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3. The `capnp` Rust crate has fixes available in versions 0.13.7, 0.14.11, and 0.15.2.", "A flaw was found in capnproto and capnp projects where a specially-crafted pointer could escape bounds checking by exploiting inconsistent handling of pointers when a list-of-structs is downgraded to a list-of-pointers."], "name": "CVE-2022-46149", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "cri-o", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2022-11-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-46149\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46149\nhttps://github.com/capnproto/capnproto/commit/25d34c67863fd960af34fc4f82a7ca3362ee74b9\nhttps://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx"], "threat_severity": "Moderate", "upstream_fix": "capnproto 0.7.1, capnproto 0.8.1, capnproto 0.9.2, capnproto 0.10.3, capnp 0.15.2, capnp 0.14.11, capnp 0.13.7"}