GHSA-5w5r-mf82-595p

Published: 28 Jan 2026
Source: github
Github: Reviewed
CVSS4: 9.3

Description

Cap'n Proto has Undefined Behavior in constant::Reader and StructSchema

The safe API functions constant::Reader::get and StructSchema::new rely on PointerReader::get_root_unchecked, which can cause undefined behavior (UB) by constructing arbitrary words or schemas.

Reader::get

pub fn get(&self) -> Result<<T as Owned>::Reader<'static>> {
    // ...
    // UNSAFE: access `words` without validation
}

StructSchema::new

pub fn new(builder: RawBrandedStructSchema) -> StructSchema {
    // ...
    // UNSAFE: access encoded nodes without validation
}

This vulnerability allows safe Rust code to trigger UB, which violates Rust's safety guarantees.

The issue is resolved in version 0.24.0 by making the constructor functions unsafe and marking the struct fields as visible only within the crate.
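The soundness pattern behind this advisory and its fix, as an added example that is not capnp's code: `Constant`, `read_unchecked` and `try_new` are hypothetical stand-ins, and the checked constructor is an extra that the advisory does not mention. The `before` module has the unsound shape (public field, safe method over an unchecked read); the `after` module has the shape of the fix.

```rust
// Added illustration: hypothetical types, NOT capnp's real API.

/// Stand-in for an unchecked decoder. Caller must guarantee that `words[0]`
/// is a valid index into `words`.
unsafe fn read_unchecked(words: &[u64]) -> u64 {
    unsafe {
        let idx = *words.get_unchecked(0) as usize;
        *words.get_unchecked(idx)
    }
}

pub mod before {
    /// Unsound shape: public field plus a safe method over an unchecked read.
    pub struct Constant { pub words: &'static [u64] }
    impl Constant {
        pub fn get(&self) -> u64 {
            // `words` was never validated, so safe code that fills the public
            // field with arbitrary data reaches undefined behavior here.
            unsafe { super::read_unchecked(self.words) }
        }
    }
}

pub mod after {
    /// Hardened shape: crate-private field, `unsafe` constructor.
    pub struct Constant { pub(crate) words: &'static [u64] }
    impl Constant {
        /// # Safety
        /// `words[0]` must be a valid index into `words`.
        pub unsafe fn new(words: &'static [u64]) -> Self { Constant { words } }

        /// Checked constructor (an extra added by this example).
        pub fn try_new(words: &'static [u64]) -> Option<Self> {
            let idx = *words.first()?;
            if idx < words.len() as u64 { Some(Constant { words }) } else { None }
        }

        pub fn get(&self) -> u64 {
            // Sound: every `Constant` came from `new` (caller's promise) or `try_new`.
            unsafe { super::read_unchecked(self.words) }
        }
    }
}

fn main() {
    let ok = after::Constant::try_new(&[2, 0, 42]).expect("valid layout");
    println!("decoded value: {}", ok.get());
    println!("empty input rejected: {}", after::Constant::try_new(&[]).is_none());
}
```

When auditing a crate for this class of bug, look for `unsafe` blocks inside safe functions whose inputs come from public fields or safe constructors that perform no validation.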

Packages

Name: capnp (rust)
Affected versions: < 0.24.0
Fixed version: 0.24.0

CVSS4: 9.3 Critical

Weaknesses

CWE-758
