Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2015-2313

Published: 09/08/2017 Updated: 17/08/2017
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Capnproto

Vulnerability Summary

Sandstorm Cap'n Proto prior to 0.4.1.1 and 0.5.x prior to 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-2312.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

capnproto capnproto 0.5.1.1

capnproto capnproto 0.5.0.0

capnproto capnproto

capnproto capnproto 0.5.1.0

Vendor Advisories

Debian CVElist Bug Report Logs: capnproto: CVE-2015-2310: Integer overflow in pointer validation
Debian Bug report logs - #780565 capnproto: CVE-2015-2310: Integer overflow in pointer validation Package: capnproto; Maintainer for capnproto is Tom Lee <debian@tomleeco>; Source for capnproto is src:capnproto (PTS, buildd, popcon) Reported by: Tom Lee <debian@tomleeco> Date: Mon, 16 Mar 2015 04:36:01 UTC Severit ...
Debian CVElist Bug Report Logs: capnproto: CVE-2015-2313: CPU usage amplification attack #2
Debian Bug report logs - #780568 capnproto: CVE-2015-2313: CPU usage amplification attack #2 Package: capnproto; Maintainer for capnproto is Tom Lee <debian@tomleeco>; Source for capnproto is src:capnproto (PTS, buildd, popcon) Reported by: Tom Lee <debian@tomleeco> Date: Mon, 16 Mar 2015 04:48:06 UTC Severity: gr ...
Debian CVElist Bug Report Logs: capnproto: CVE-2015-2312: CPU usage amplification attack
Debian Bug report logs - #780567 capnproto: CVE-2015-2312: CPU usage amplification attack Package: capnproto; Maintainer for capnproto is Tom Lee <debian@tomleeco>; Source for capnproto is src:capnproto (PTS, buildd, popcon) Reported by: Tom Lee <debian@tomleeco> Date: Mon, 16 Mar 2015 04:48:01 UTC Severity: grave ...
Debian CVElist Bug Report Logs: capnproto: CVE-2015-2311: Integer underflow in pointer validation
Debian Bug report logs - #780566 capnproto: CVE-2015-2311: Integer underflow in pointer validation Package: capnproto; Maintainer for capnproto is Tom Lee <debian@tomleeco>; Source for capnproto is src:capnproto (PTS, buildd, popcon) Reported by: Tom Lee <debian@tomleeco> Date: Mon, 16 Mar 2015 04:45:02 UTC Severi ...

References

CWE-400https://github.com/capnproto/capnproto/commit/80149744bdafa3ad4eedc83f8ab675e27baee868https://github.com/capnproto/capnproto/blob/master/security-advisories/2015-03-05-0-c%2B%2B-addl-cpu-amplification.mdhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780568http://www.openwall.com/lists/oss-security/2015/03/17/3https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780565
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook