Sandstorm
by Sandstorm Io
CVEs (8)
| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2311 | | Critical | 0.57 | 9.8 | 0.03 | | Aug 9, 2017 | Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message. |
| CVE-2015-2310 | | Critical | 0.52 | 9.1 | 0.02 | | Aug 9, 2017 | Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation. |
| CVE-2017-6198 | | Medium | 0.42 | 6.5 | 0.01 | | Feb 6, 2018 | The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space. |
| CVE-2015-2313 | | High | 0.42 | 7.5 | 0.02 | | Aug 9, 2017 | Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. NOTE: this… |
| CVE-2015-2312 | | High | 0.42 | 7.5 | 0.02 | | Aug 9, 2017 | Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource consumption) via a list with a large number of elements. |
| CVE-2017-6201 | | High | 0.00 | 8.1 | 0.02 | | Feb 6, 2018 | A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs… |
| CVE-2017-6200 | | Medium | 0.00 | 6.5 | 0.02 | | Feb 6, 2018 | Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name. |
| CVE-2017-6199 | | Critical | 0.00 | 9.8 | 0.03 | | Feb 6, 2018 | A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field. |