PT-2017-6569 · Sandstorm · Cap'N Proto
David Renshaw
·
Publicado
2017-08-09
·
Atualizado
2017-08-17
·
CVE-2015-2313
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Sandstorm Cap'n Proto versions prior to 0.4.1.1
Sandstorm Cap'n Proto versions 0.5.x prior to 0.5.1.2
Description
The issue allows remote peers to cause a denial of service, specifically CPU consumption, by sending a crafted small message. This triggers a "tight" for loop when an application invokes the totalSize method on an object reader.
Recommendations
For versions prior to 0.4.1.1, update to version 0.4.1.1 or later.
For versions 0.5.x prior to 0.5.1.2, update to version 0.5.1.2 or later.
Correção
Resource Exhaustion
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cap'N Proto