
CVE-2023-48230

Published: 21 November 2023

Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when the bundled KJ HTTP library is used with WebSocket compression enabled, a malicious remote peer can cause a buffer underrun on a heap-allocated buffer. The out-of-bounds write always consists of the constant 4-byte string `{ 0x00, 0x00, 0xFF, 0xFF }` and is not attacker-controlled, so the likely outcome is a crash, i.e. a remote denial of service. Because the written bytes are not attacker-controlled, the maintainers believe remote code execution is unlikely; however, it cannot be ruled out.

Exposure is narrow. KJ HTTP is an optional library bundled with Cap'n Proto and is not used by Cap'n Proto itself. WebSocket compression is disabled by default and must be enabled explicitly through a setting passed to the KJ HTTP library via `HttpClientSettings` or `HttpServerSettings`. Most Cap'n Proto and KJ users are therefore unlikely to have this functionality enabled and unlikely to be affected; the maintainers suspect only the Cloudflare Workers Runtime is affected.

The affected functionality first appeared in Cap'n Proto 1.0, so earlier versions are not affected. The issue is fixed in Cap'n Proto 1.0.1.1.
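The constant named in the advisory, `0x00 0x00 0xFF 0xFF`, is the trailer of the empty stored block a deflater emits on a sync flush; RFC 7692 (permessage-deflate) has the sender strip those four octets from each compressed message and the receiver re-append them before inflating. The example below is an added, constructed illustration of that receive path with explicit length checks; it is not KJ HTTP or Cap'n Proto code, does not reproduce the faulting code path (which is in the linked upstream commits), and handles only stored deflate blocks so that it runs without zlib. All function names are this example's own.

```cpp
// Constructed example of a bounds-checked permessage-deflate (RFC 7692) receive
// path. Not KJ HTTP / Cap'n Proto code; only stored (BTYPE=00) deflate blocks
// are supported so the round trip runs self-contained without zlib.
#include <cstdint>
#include <cstring>
#include <optional>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;

// RFC 7692 section 7.2.1: the 4 octets that end a sync-flushed deflate stream
// (LEN/NLEN of the empty stored block). The sender removes them, the receiver
// restores them before inflating.
static const uint8_t kDeflateTail[4] = {0x00, 0x00, 0xFF, 0xFF};

// Sender: drop the trailing marker before framing. Refuses a buffer that is too
// short or does not end in the marker instead of indexing size()-4 blindly.
bool stripDeflateTail(Bytes& out) {
  if (out.size() < sizeof kDeflateTail) return false;
  if (std::memcmp(out.data() + out.size() - sizeof kDeflateTail,
                  kDeflateTail, sizeof kDeflateTail) != 0) return false;
  out.resize(out.size() - sizeof kDeflateTail);
  return true;
}

// Receiver: rebuild the full stream in a buffer sized for payload + tail, so an
// empty or very short frame from the peer can never place the tail "before" the
// start of the received data.
Bytes restoreDeflateTail(const Bytes& payload) {
  Bytes full;
  full.reserve(payload.size() + sizeof kDeflateTail);
  full.insert(full.end(), payload.begin(), payload.end());
  full.insert(full.end(), kDeflateTail, kDeflateTail + sizeof kDeflateTail);
  return full;
}

// Minimal inflater for stored blocks only. Every read is checked against the
// remaining input; truncated, corrupt or unsupported blocks yield nullopt rather
// than touching memory outside the buffer. Like a permessage-deflate receiver it
// stops when input runs out at a block boundary even without a BFINAL block.
std::optional<Bytes> inflateStoredOnly(const Bytes& in) {
  Bytes out;
  size_t pos = 0;
  while (pos < in.size()) {
    uint8_t hdr = in[pos++];
    bool bfinal = (hdr & 0x01) != 0;
    uint8_t btype = (hdr >> 1) & 0x03;
    if (btype != 0) return std::nullopt;           // Huffman/reserved blocks not handled here
    if (in.size() - pos < 4) return std::nullopt;   // truncated LEN/NLEN
    uint16_t len  = uint16_t(in[pos]     | (uint16_t(in[pos + 1]) << 8));
    uint16_t nlen = uint16_t(in[pos + 2] | (uint16_t(in[pos + 3]) << 8));
    pos += 4;
    if (uint16_t(~len) != nlen) return std::nullopt;  // corrupt stored-block header
    if (in.size() - pos < len) return std::nullopt;   // truncated block payload
    out.insert(out.end(), in.begin() + pos, in.begin() + pos + len);
    pos += len;
    if (bfinal) break;
  }
  return out;
}

// What a deflater using stored blocks emits for one message followed by a sync
// flush: a non-final block carrying the data, then the empty flush block whose
// LEN/NLEN are exactly kDeflateTail. Demo only: messages under 65536 bytes.
Bytes deflateStoredWithSyncFlush(const std::string& msg) {
  Bytes out;
  uint16_t len = uint16_t(msg.size());
  uint16_t nlen = uint16_t(~len);
  out.push_back(0x00);                         // BFINAL=0, BTYPE=00
  out.push_back(uint8_t(len & 0xFF));  out.push_back(uint8_t(len >> 8));
  out.push_back(uint8_t(nlen & 0xFF)); out.push_back(uint8_t(nlen >> 8));
  out.insert(out.end(), msg.begin(), msg.end());
  out.push_back(0x00);                         // header byte of the empty flush block
  out.insert(out.end(), kDeflateTail, kDeflateTail + sizeof kDeflateTail);
  return out;
}

// Full round trip: compress, strip the tail for the wire, restore it, inflate.
std::optional<std::string> roundTrip(const std::string& msg) {
  Bytes wire = deflateStoredWithSyncFlush(msg);
  if (!stripDeflateTail(wire)) return std::nullopt;
  std::optional<Bytes> plain = inflateStoredOnly(restoreDeflateTail(wire));
  if (!plain) return std::nullopt;
  return std::string(plain->begin(), plain->end());
}
```

The point for a reviewer of any permessage-deflate implementation is the same on both sides: the four tail bytes are a fixed constant, so their only risk is where they are written; size the destination for `payload + 4` and never compute their position relative to the end of data the peer controls the length of, including a zero-length frame.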

Priority

Medium

CVSS 3 severity score

9.8

Status

Package: capnproto (tracked in Launchpad, Ubuntu, Debian)

Release   Status
trusty    Not vulnerable
xenial    Not vulnerable
bionic    Not vulnerable
focal     Not vulnerable (0.7.0-6)
jammy     Not vulnerable (0.8.0-2ubuntu2)
lunar     Not vulnerable (0.9.2-2)
mantic    Not vulnerable (0.9.2-3)
upstream  Released (1.0.1.1)

Patches:
upstream: https://github.com/capnproto/capnproto/commit/75c5c1499aa6e7690b741204ff9af91cce526c59
upstream: https://github.com/capnproto/capnproto/commit/e7f22da9c01286a2b0e1e5fbdf3ec9ab3aa128ff

Severity score breakdown

Parameter               Value
Base score              9.8
Attack vector           Network
Attack complexity       Low
Privileges required     None
User interaction        None
Scope                   Unchanged
Confidentiality impact  High
Integrity impact        High
Availability impact     High
Vector                  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Note that this vector rates confidentiality and integrity impact as High, whereas the upstream description above states that the written bytes are a fixed constant and that remote code execution is considered unlikely though not ruled out; the confirmed impact is denial of service.