CVE-2017-7892

Name of the Vulnerable Software and Affected Versions Cap'n Proto versions prior to 0.5.3.1

Description The issue allows remote crashes due to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. For example, the Apple LLVM version 8.1.0 (clang-802.0.41) compiler has optimization that elides a bounds check in such calculations. The attack vector is a crafted far pointer within a message.

Recommendations For versions prior to 0.5.3.1, update to version 0.5.3.1 or later to resolve the issue. As a temporary workaround, consider disabling the optimization in the compiler to prevent the elision of bounds checks until a patch is applied.