CVE Vulnerabilities

CVE-2015-2311

Integer Underflow (Wrap or Wraparound)

Published: Aug 09, 2017 | Modified: Aug 17, 2017
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Integer underflow in Sandstorm Capn Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message.

Weakness

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Affected Software

Name Vendor Start Version End Version
Capnproto Capnproto * 0.4.1.0 (including)
Capnproto Capnproto 0.5.0.0 (including) 0.5.0.0 (including)
Capnproto Capnproto 0.5.1.0 (including) 0.5.1.0 (including)
Capnproto Ubuntu trusty *
Capnproto Ubuntu trusty/esm *
Capnproto Ubuntu upstream *
Capnproto Ubuntu vivid/stable-phone-overlay *
Capnproto Ubuntu wily *

References