Security Advisory for capnproto-c++ and preventative measures going forward

68 views

Skip to first unread message

Kenton Varda

unread,

Mar 2, 2015, 4:42:55 PM3/2/15

to capnproto...@googlegroups.com

Hello capnproto-announce,

Three security flaws have been found in Cap'n Proto that could allow denial of service and possibly exfiltration of memory. If you use the Cap'n Proto C++ implementation to process messages from possibly-malicious sources, you should update immediately to one of the following releases:

Release 0.5.1.1:

- Unix: https://capnproto.org/capnproto-c++-0.5.1.1.tar.gz

- Windows: https://capnproto.org/capnproto-c++-win32-0.5.1.1.zip

Release 0.4.1.1:

- Unix: https://capnproto.org/capnproto-c++-0.4.1.1.tar.gz

We have implemented a number of preventative measures that should catch these kinds of bugs in the future, including multiple kinds of fuzz testing as well as template-metaprogramming-based static analysis. Please read the blog post for details:

https://capnproto.org/news/2015-03-02-security-advisory-and-integer-overflow-protection.html

Thanks to Ben Laurie for reporting two of the problems and American Fuzzy Lop for finding them. (The third problem was found through our new static analysis.)