Capnproto
CVE-2015-2313
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-2312.
AnalysisAI
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400), which allows attackers to cause denial of service by exhausting system resources. Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-2312. Affected products include: Capnproto. Version information: before 0.4.1.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement rate limiting, set resource quotas, validate input sizes, use timeouts.
Cap'n Proto is a data interchange format and capability-based RPC system. Rated critical severity (CVSS 9.8), this vulne
Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a d
Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to c
Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. Rated high severity (CVSS
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and
n Proto is a data interchange format and capability-based RPC system. versions up to 1.4.0 contains a vulnerability that
n Proto is a data interchange format and capability-based RPC system. versions up to 1.4.0 is affected by integer overfl
Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Rated medium severity (CVSS 5.4), this
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today