Описание
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-2312.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | |
| bionic | not-affected | |
| devel | not-affected | |
| esm-infra-legacy/trusty | released | 0.4.0-1ubuntu2.1 |
| esm-infra/bionic | not-affected | |
| esm-infra/xenial | not-affected | 0.5.3-2ubuntu1 |
| lucid | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | released | 0.4.0-1ubuntu2.1 |
Показывать по
7.8 High
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-2312.
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an ...
Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-2312.
7.8 High
CVSS2
7.5 High
CVSS3