CVE-2022-46149: 
Rust vulnerability analysis and mitigation

CVE-2022-46149 is an out-of-bounds read vulnerability discovered in Cap'n Proto's list-of-list handling mechanism. The vulnerability was identified on November 30, 2022, by David Renshaw, the maintainer of Cap'n Proto's Rust implementation, during fuzzing tests. The issue affects both C++ versions prior to 0.10.3 and Rust implementations (capnp crate) versions below 0.15.2, 0.14.11, and 0.13.7 (GitHub Advisory).

The vulnerability stems from inconsistent handling of pointers when a list-of-structs is downgraded to a list-of-pointers. A specially-crafted pointer could bypass bounds checking, potentially leading to out-of-bounds memory reads. The bug is present in inlined code, which means fixing it requires rebuilding dependent applications. The vulnerability has a CVSS v3.1 base score of 5.4 (Moderate) with vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:L (GitHub Advisory).

If successfully exploited, the vulnerability could allow attackers to remotely trigger a segmentation fault or potentially exfiltrate up to 512 KiB of memory immediately following the message buffer. The attack is only possible if the application performs specific actions on a list-of-pointer type and the exfiltrated data must be followed by a valid Cap'n Proto pointer (GitHub Advisory).

The vulnerability has been patched in multiple versions: C++ versions 0.5.4, 0.7.1, 0.8.1, 0.9.2, and 0.10.3, and Rust capnp crate versions 0.15.2, 0.14.11, and 0.13.7. Users are advised to upgrade to these patched versions. Due to the bug being present in inlined code, affected applications need to be rebuilt after updating to the fixed versions (GitHub Advisory, Red Hat).