Security Advisory for capnproto-c++ and preventative measures going forward

Skip to first unread message

Kenton Varda

Mar 2, 2015, 4:42:55 PM3/2/15
Hello capnproto-announce,

Three security flaws have been found in Cap'n Proto that could allow denial of service and possibly exfiltration of memory. If you use the Cap'n Proto C++ implementation to process messages from possibly-malicious sources, you should update immediately to one of the following releases:



We have implemented a number of preventative measures that should catch these kinds of bugs in the future, including multiple kinds of fuzz testing as well as template-metaprogramming-based static analysis. Please read the blog post for details:

Thanks to Ben Laurie for reporting two of the problems and American Fuzzy Lop for finding them. (The third problem was found through our new static analysis.)

Reply all
Reply to author
0 new messages