PT-2023-30747 · Unknown+1 · Kj Http Library+2

Published 2023-11-21 · Updated 2024-01-05 · CVE-2023-48230

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cap'n Proto versions 1.0 through 1.0.1

Description

The issue is related to a buffer underrun that can be caused by a remote peer when using the KJ HTTP library with WebSocket compression enabled. This can result in a crash, enabling a remote denial-of-service attack. Most users are unlikely to have this functionality enabled and are therefore unlikely to be affected. The bytes written out-of-bounds are always a specific constant 4-byte string { 0x00, 0x00, 0xFF, 0xFF }. Because this string is not controlled by the attacker, it is believed that remote code execution is unlikely, but it cannot be ruled out.

Recommendations

For Cap'n Proto versions 1.0 through 1.0.1, update to version 1.0.1.1 to fix the issue. As a temporary workaround, consider disabling WebSocket compression in the KJ HTTP library via HttpClientSettings or HttpServerSettings until a patch is available. Restrict access to the KJ HTTP library to minimize the risk of exploitation.

Exploit

Fix

DoS

RCE

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2024-1029
AZL-42681
CVE-2023-48230
GHSA-R89H-F468-62W3

Affected Products

Alt Linux
Cap'N Proto
Kj Http Library