libCapsiNetwork: Denial of Service — GLSA 201507-12

A buffer overflow in libcapsinetwork might allow remote attackers to cause a Denial of Service condition.

Affected Packages

net-libs/libcapsinetwork on all architectures
Affected versions <= 0.3.0-r2
Unaffected versions

Background

libCapsiNetwork is a C++ network library to allow fast development of server daemon processes.

Description

An off-by-one buffer overflow in libcapsinetwork network handling code is discovered.

Impact

A remote attacker could send a specially crafted request to application, that is linked with libcapsinetwork, possibly resulting in a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

Gentoo discontinued support for libCapsiNetwork. We recommend that users unmerge it:

 # emerge --unmerge "net-libs/libcapsinetwork"
 

References

Release Date
July 10, 2015

Latest Revision
July 11, 2015: 2

Severity
normal

Exploitable
remote

Bugzilla entries