Nixpkgs security tracker
Untriaged
Activity log
- Created suggestion
Cap'n Proto has an integer overflow in KJ-HTTP
Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0.
References
-
https://github.com/capnproto/capnproto/security/advisories/GHSA-qjx3-pp3m-9jpm x_refsource_CONFIRM
-
https://capnproto.org/capnproto-c++-1.4.0.tar.gz x_refsource_MISC
-
https://capnproto.org/capnproto-c++-win32-1.4.0.zip x_refsource_MISC
Affected products
capnproto
- ==< 1.4.0
Matching in nixpkgs
pkgs.capnproto
Cap'n Proto cerealization protocol
pkgs.capnproto-java
Cap'n Proto codegen plugin for Java
Package maintainers
-
@9999years Rebecca Turner <rbt@fastmail.com>
-
@RaitoBezarius Ryan Lahfa <ryan@lahfa.xyz>
-
@alois31 Alois Wohlschlager <alois1@gmx-topmail.de>
-
@Qyriad Qyriad <qyriad@qyriad.me>
-
@lf- Jade Lovelace
-
@bhipple Benjamin Hipple <bhipple@protonmail.com>
-
@solson Scott Olson <scott@solson.me>
-
@mikroskeem Mark Vainomaa <mikroskeem@mikroskeem.eu>