CVE-2015-2313

Published August 9th, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

7.8

HIGH

Affected

PROJECT

Description

Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-2312.

capnproto/capnproto

Cap'n Proto serialization/RPC system - core tools and C++ library

GitHub

13.1K