GHSA-5w5r-mf82-595p: Cap'n Proto has Undefined Behavior in constant::Reader and StructSchema
The safe API functions constant::Reader::get and StructSchema::new rely on PointerReader::get_root_unchecked, which can cause undefined behavior (UB) by constructing arbitrary words or schemas.
References
- github.com/advisories/GHSA-5w5r-mf82-595p
- github.com/capnproto/capnproto-rust
- github.com/capnproto/capnproto-rust/commit/7b981f4c75a975c80444cd38729bcdf12bf3eabf
- github.com/capnproto/capnproto-rust/commit/e3aeec213e6d1b30a182bf61682a370f20d8a02c
- github.com/capnproto/capnproto-rust/issues/605
- rustsec.org/advisories/RUSTSEC-2025-0143.html
Code Behaviors & Features
Detect and mitigate GHSA-5w5r-mf82-595p with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →