{"id":"RUSTSEC-2022-0068","summary":"out-of-bounds read possible when setting list-of-pointers","details":"If a message consumer expects data\nof type \"list of pointers\",\nand if the consumer performs certain specific actions on such data,\nthen a message producer can cause the consumer to read out-of-bounds memory.\nThis could trigger a process crash in the consumer,\nor in some cases could allow exfiltration of private in-memory data.\n\nThe C++ Cap'n Proto library is also affected by this bug.\nSee the [advisory](https://github.com/capnproto/capnproto/tree/master/security-advisories/2022-11-30-0-pointer-list-bounds.md)\non the main Cap'n Proto repo for a succinct description of\nthe exact circumstances in which the problem can arise.","aliases":["CVE-2022-46149","GHSA-qqff-4vw4-f6hx"],"modified":"2023-11-08T04:10:54.980908Z","published":"2022-11-30T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/capnp"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2022-0068.html"},{"type":"WEB","url":"https://github.com/capnproto/capnproto/tree/master/security-advisories/2022-11-30-0-pointer-list-bounds.md"},{"type":"WEB","url":"https://dwrensha.github.io/capnproto-rust/2022/11/30/out_of_bounds_memory_access_bug.html"},{"type":"ADVISORY","url":"https://github.com/capnproto/capnproto/security/advisories/GHSA-qqff-4vw4-f6hx"}],"affected":[{"package":{"name":"capnp","ecosystem":"crates.io","purl":"pkg:cargo/capnp"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.13.7"},{"introduced":"0.14.0-0"},{"fixed":"0.14.11"},{"introduced":"0.15.0-0"},{"fixed":"0.15.2"}]}],"ecosystem_specific":{"affects":{"functions":[],"os":[],"arch":[]},"affected_functions":null},"database_specific":{"categories":["memory-exposure"],"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0068.json","cvss":null,"informational":null}}],"schema_version":"1.7.3"}