CVE-2015-2311 : Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1

Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message.

Published 2017-08-09 18:29:01

Updated 2017-08-17 14:35:21

Source Debian GNU/Linux

View at NVD, CVE.org

Vulnerability category: Execute codeDenial of service

Products affected by CVE-2015-2311

Capnproto » Capnproto
Versions up to, including, (<=) 0.4.1.0
cpe:2.3:a:capnproto:capnproto:*:*:*:*:*:*:*:*
Matching versions
Capnproto » Capnproto » Version: 0.5.0.0
cpe:2.3:a:capnproto:capnproto:0.5.0.0:*:*:*:*:*:*:*
Matching versions
Capnproto » Capnproto » Version: 0.5.1.0
cpe:2.3:a:capnproto:capnproto:0.5.1.0:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-2311

EPSS FAQ

1.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 76 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-2311

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2015-2311

CWE-191 Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-2311

http://www.openwall.com/lists/oss-security/2015/03/17/3

oss-security - Re: CVE Request: Cap'n Proto: Several issues
Mailing List;Third Party Advisory

CVEs referencing this url
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780566

#780566 - capnproto: CVE-2015-2311: Integer underflow in pointer validation - Debian Bug report logs
Mailing List;Third Party Advisory
https://github.com/capnproto/capnproto/commit/26bcceda72372211063d62aab7e45665faa83633

SECURITY: Integer underflow in pointer validation. · capnproto/capnproto@26bcced · GitHub
Third Party Advisory
https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-02-1-c%2B%2B-integer-underflow.md

capnproto/2015-03-02-1-c++-integer-underflow.md at master · capnproto/capnproto · GitHub
Third Party Advisory

Jump to

Vulnerability Details : CVE-2015-2311

Products affected by CVE-2015-2311

Exploit prediction scoring system (EPSS) score for CVE-2015-2311

CVSS scores for CVE-2015-2311

CWE ids for CVE-2015-2311

References for CVE-2015-2311