Date: Tue, 17 Mar 2015 00:50:59 -0400 (EDT)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, debian@...lee.co, bernat@...ian.org
Subject: Re: CVE Request: Cap'n Proto: Several issues

> Can you assign CVEs for the following issues in Cap'n Proto? Details
> and fixing commits are referenced in upstream problem descriptions:

> 1/ Integer overflow in pointer validation
>   - https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2015-03-02-0-c%2B%2B-integer-overflow.md
>   - https://bugs.debian.org/780565

> Discovered by Ben Laurie

> KJ_REQUIRE(elementTag->structRef.wordSize() / ELEMENTS * ElementCount64(count) <= wordCount,

> KJ_REQUIRE(wordsPerElement * ElementCount64(elementCount) <= wordCount,

> KJ_REQUIRE(ElementCount64(size) * wordsPerElement <= wordCount,

Use CVE-2015-2310.


> 2/ Integer underflow in pointer validation
>   - https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2015-03-02-1-c%2B%2B-integer-underflow.md
>   - https://bugs.debian.org/780566

> Discovered by Kenton Varda

> KJ_REQUIRE(size > 0

Use CVE-2015-2311.


> 3/ CPU usage amplification attack
>   - https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2015-03-02-2-all-cpu-amplification.md
>   - https://bugs.debian.org/780567

> Discovered by Ben Laurie

> Cap'n Proto takes the philosophy that any security mistake that is
> likely to be common in naively-written application code is in fact a
> bug in Cap'n Proto

> list could claim to have up to 2^29-1 elements while only taking 8 or
> 16 bytes on the wire

> application may notice nothing wrong and proceed to iterate through
> and handle each element in the list, potentially taking a lot of time
> and resources

Use CVE-2015-2312.


> 4/ CPU usage amplification attack #2
>   - https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2015-03-05-0-c%2B%2B-addl-cpu-amplification.md
>   - https://bugs.debian.org/780568

> Discovered by David Renshaw

> The new case occurs only if the application invokes the totalSize()
> method on an object reader.

Use CVE-2015-2313.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
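
The bounds-check pattern quoted under item 1, shown as an added example that is not part of the original message and is not Cap'n Proto's code: a size check whose product is computed in 32 bits beside the widened form. The function names, the 64-word segment and the sample claims are assumptions constructed for illustration; the third element count stays below the 2^29-1 limit quoted under item 3.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical helpers for illustration; these are not Cap'n Proto functions.
// A list pointer claims `elementCount` elements of `wordsPerElement` words
// each; `wordCount` is the number of words actually left in the segment.

// Narrow form: the product is computed in 32 bits, so it wraps modulo 2^32
// and an oversized claim can compare as small.
bool listFitsNarrow(uint32_t wordsPerElement, uint32_t elementCount,
                    uint32_t wordCount) {
  uint32_t total = wordsPerElement * elementCount;  // may wrap
  return total <= wordCount;
}

// Widened form: one operand is promoted to 64 bits before multiplying, the
// same idea as the ElementCount64(...) casts in the quoted KJ_REQUIRE lines.
bool listFitsWide(uint32_t wordsPerElement, uint32_t elementCount,
                  uint32_t wordCount) {
  uint64_t total = static_cast<uint64_t>(wordsPerElement) * elementCount;
  return total <= wordCount;
}

int main() {
  // Constructed inputs: a 64-word segment and three list claims.
  const uint32_t segmentWords = 64;
  struct { uint32_t words, count; } claims[] = {
    {2, 8},             // 16 words: fits
    {2, 40},            // 80 words: too big, both checks reject
    {16, 0x10000001u},  // 2^32 + 16 words: wraps to 16 in 32 bits
  };
  for (const auto& c : claims) {
    std::printf("%u x %u: narrow=%d wide=%d\n",
                (unsigned)c.words, (unsigned)c.count,
                listFitsNarrow(c.words, c.count, segmentWords),
                listFitsWide(c.words, c.count, segmentWords));
  }
  return 0;
}
```

Only the third claim separates the two checks: the narrow product wraps to 16 and is accepted, while the 64-bit product is rejected.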
