David Renshaw

**Name of the Vulnerable Software and Affected Versions** Cap'n Proto versions prior to 0.7.1, 0.8.1, 0.9.2, and 0.10.3 Cap'n Proto's Rust implementation versions prior to 0.13.7, 0.14.11, and 0.15.2 **Description** Cap'n Proto is a data interchange format and remote procedure call (RPC) system. The issue may lead to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. **Recommendations** For Cap'n Proto versions prior to 0.7.1, 0.8.1, 0.9.2, and 0.10.3, update to versions 0.7.1, 0.8.1, 0.9.2, or 0.10.3. For Cap'n Proto's Rust implementation versions prior to 0.13.7, 0.14.11, and 0.15.2, update to versions 0.13.7, 0.14.11, or 0.15.2. As a temporary workaround, consider restricting access to the `getFoo()` function and `setFoo()` function until a patch is available. Avoid using the `AnyList::Reader` API until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Sandstorm Cap'n Proto versions prior to 0.4.1.1 Sandstorm Cap'n Proto versions 0.5.x prior to 0.5.1.2 **Description** The issue allows remote peers to cause a denial of service, specifically CPU consumption, by sending a crafted small message. This triggers a "tight" for loop when an application invokes the totalSize method on an object reader. **Recommendations** For versions prior to 0.4.1.1, update to version 0.4.1.1 or later. For versions 0.5.x prior to 0.5.1.2, update to version 0.5.1.2 or later.