VYPR

Sandstorm

by Sandstorm Io

CVEs (8)

  • CVE-2015-2311 | Critical | Aug 9, 2017
    risk 0.57 | CVSS 9.8 | EPSS 0.03

    Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execute arbitrary code via a crafted message.

  • CVE-2015-2310 | Critical | Aug 9, 2017
    risk 0.52 | CVSS 9.1 | EPSS 0.02

    Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory via a crafted message, related to pointer validation.

  • CVE-2017-6198 | Medium | Feb 6, 2018
    risk 0.42 | CVSS 6.5 | EPSS 0.01

    The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.

  • CVE-2015-2313 | High | Aug 9, 2017
    risk 0.42 | CVSS 7.5 | EPSS 0.02

    Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an application invokes the totalSize method on an object reader, allows remote peers to cause a denial of service (CPU consumption) via a crafted small message, which triggers a "tight" for loop. NOTE: this…

  • CVE-2015-2312 | High | Aug 9, 2017
    risk 0.42 | CVSS 7.5 | EPSS 0.02

    Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service (CPU and possibly general resource consumption) via a list with a large number of elements.

  • CVE-2017-6201 | High | Feb 6, 2018
    risk 0.00 | CVSS 8.1 | EPSS 0.02

    A Server Side Request Forgery vulnerability exists in the install app process in Sandstorm before build 0.203. A remote attacker may exploit this issue by providing a URL. It could bypass access control such as firewalls that prevent the attackers from accessing the URLs…

  • CVE-2017-6200 | Medium | Feb 6, 2018
    risk 0.00 | CVSS 6.5 | EPSS 0.02

    Sandstorm before build 0.203 allows remote attackers to read any specified file under /etc or /run via the sandbox backup function. The root cause is that the findFilesToZip function doesn't filter Line Feed (\n) characters in a directory name.

  • CVE-2017-6199 | Critical | Feb 6, 2018
    risk 0.00 | CVSS 9.8 | EPSS 0.03

    A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.
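The two Cap'n Proto entries above (CVE-2015-2310 and CVE-2015-2311) both come down to arithmetic on an untrusted offset or length wrapping around before the bounds check runs. The following is an added example, not Cap'n Proto's or Sandstorm's own code: it shows the naive check that wraps, the overflow-safe form, and the resolution of a signed relative pointer that can wrap in either direction. The 8-byte pointer width, the "base is the word after the pointer" rule, and the `Segment`/`Resolved` types are simplifying assumptions for the demonstration; the 64-byte sample segment is constructed inline.

```cpp
// Added example (not Cap'n Proto's own code): overflow-safe validation of an
// untrusted (offset, length) pair against a message segment. Field widths and
// the 8-byte "word after the pointer" base are simplifying assumptions.
#include <cstddef>
#include <cstdint>

// A segment is one contiguous buffer of an incoming message.
struct Segment {
    const uint8_t* data;
    size_t size;
};

// Naive check: `offset + length` wraps when a peer sends a huge offset or
// length, so an out-of-range object looks in-bounds and the caller reads
// beyond the segment (the overflow pattern).
bool inBoundsNaive(const Segment& seg, size_t offset, size_t length) {
    return offset + length <= seg.size;
}

// Hardened check: never form the sum. Once `offset <= size` holds,
// `size - offset` cannot underflow, and `length` is compared against it.
bool inBoundsChecked(const Segment& seg, size_t offset, size_t length) {
    if (offset > seg.size) return false;
    return length <= seg.size - offset;
}

struct Resolved {
    bool ok;        // false: pointer rejected, nothing may be read
    size_t offset;  // byte offset of the target when ok
};

// Object pointers carry a *signed* offset relative to the word following the
// pointer. Resolve it without ever letting the arithmetic wrap below zero
// (underflow) or past the end (overflow), then bounds-check the target.
Resolved resolveRelative(const Segment& seg, size_t pointerPos,
                         int64_t delta, size_t length) {
    const size_t kWord = 8;  // assumed pointer width
    Resolved bad{false, 0};
    // The pointer word itself must lie inside the segment.
    if (!inBoundsChecked(seg, pointerPos, kWord)) return bad;
    size_t base = pointerPos + kWord;  // cannot wrap: checked above
    size_t target;
    if (delta < 0) {
        // magnitude of delta; the unsigned cast handles INT64_MIN without UB
        uint64_t back = uint64_t(0) - static_cast<uint64_t>(delta);
        if (back > base) return bad;  // would land before the segment start
        target = base - static_cast<size_t>(back);
    } else {
        uint64_t fwd = static_cast<uint64_t>(delta);
        if (fwd > seg.size - base) return bad;  // would land past the end
        target = base + static_cast<size_t>(fwd);
    }
    if (!inBoundsChecked(seg, target, length)) return bad;
    return Resolved{true, target};
}

// Constructed 64-byte sample segment for exercising the checks.
static const uint8_t kSampleBytes[64] = {};
static const Segment kSample{kSampleBytes, sizeof kSampleBytes};
```

With `kSample`, `inBoundsNaive(kSample, SIZE_MAX, 8)` returns true because the sum wraps to 7, while `inBoundsChecked` rejects it; `resolveRelative(kSample, 0, -16, 8)` is rejected because the target would sit 8 bytes before the segment. The rule of thumb the example encodes is to compare an untrusted length against the space remaining, never against a sum you computed from untrusted values.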
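CVE-2017-6198 above faults the supervisor for not setting and enforcing per-process resource limits. The following is an added example, not Sandstorm's supervisor: a launcher that applies `RLIMIT_NPROC`, `RLIMIT_FSIZE` and `RLIMIT_CORE` with `setrlimit(2)`, then reads them back with `getrlimit(2)` and refuses to proceed unless they are finite. The limit values in the policy are illustrative assumptions, and the `SandboxLimits` type is this example's own.

```cpp
// Added example (not Sandstorm's supervisor): applying and verifying
// per-process resource limits before launching sandboxed code.
// The specific limit values are illustrative assumptions.
#include <sys/resource.h>
#include <cstdio>

struct SandboxLimits {
    rlim_t maxProcesses;  // RLIMIT_NPROC: a fork bomb stalls at this count
    rlim_t maxFileBytes;  // RLIMIT_FSIZE: largest single file the sandbox may write
    rlim_t maxCoreBytes;  // RLIMIT_CORE: 0 keeps crashes from dumping memory to disk
};

// Set both soft and hard limit to `desired`, clamped to the current hard limit
// (an unprivileged process cannot raise a hard limit, and setrlimit rejects
// soft > hard). Lowering the hard limit too stops the sandboxed process from
// simply raising the soft limit back.
static bool clampLimit(int resource, rlim_t desired) {
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0) return false;
    rlim_t target = desired;
    if (rl.rlim_max != RLIM_INFINITY && rl.rlim_max < desired) target = rl.rlim_max;
    rl.rlim_cur = target;
    rl.rlim_max = target;
    return setrlimit(resource, &rl) == 0;
}

// Apply every limit; a failure means the launcher must refuse to exec the
// grain rather than run it unconfined.
bool applySandboxLimits(const SandboxLimits& limits) {
    return clampLimit(RLIMIT_NPROC, limits.maxProcesses)
        && clampLimit(RLIMIT_FSIZE, limits.maxFileBytes)
        && clampLimit(RLIMIT_CORE, limits.maxCoreBytes);
}

// Effective soft limit as the kernel reports it (RLIM_INFINITY on error).
rlim_t currentSoftLimit(int resource) {
    struct rlimit rl;
    if (getrlimit(resource, &rl) != 0) return RLIM_INFINITY;
    return rl.rlim_cur;
}

// The "enforce" half: read the limits back and insist they are finite, so a
// launcher whose setrlimit silently did nothing does not exec anyway.
bool limitsEnforced() {
    return currentSoftLimit(RLIMIT_NPROC) != RLIM_INFINITY
        && currentSoftLimit(RLIMIT_FSIZE) != RLIM_INFINITY;
}

int main() {
    // Illustrative policy: 1024 processes, 1 GiB per file, no core dumps.
    SandboxLimits policy{1024, static_cast<rlim_t>(1) << 30, 0};
    if (!applySandboxLimits(policy) || !limitsEnforced()) {
        std::perror("sandbox limits");
        return 1;
    }
    std::printf("nproc=%llu fsize=%llu\n",
                static_cast<unsigned long long>(currentSoftLimit(RLIMIT_NPROC)),
                static_cast<unsigned long long>(currentSoftLimit(RLIMIT_FSIZE)));
    // A real supervisor would now drop further privileges and exec the grain.
    return 0;
}
```

Two caveats a practitioner will want. `RLIMIT_NPROC` is counted per user ID, so it only isolates the sandbox if each grain runs under its own UID or in its own user namespace. `RLIMIT_FSIZE` caps a single file, not total disk use, which the second vector in CVE-2017-6198 (filling the disk) needs a quota, a dedicated filesystem or a cgroup to address.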
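CVE-2017-6200 above gives the root cause as a file-listing routine that does not filter Line Feed characters out of directory names. The following is an added example that models that class of bug; it is not Sandstorm's `findFilesToZip`, and the assumption that the path list is handed to an archiver as a newline-delimited manifest is this example's own. It shows the verbatim join beside a version that validates each entry, and a parser that reveals what the consumer of the manifest would see. The sample names are constructed.

```cpp
// Added example (not Sandstorm's findFilesToZip): the newline-injection class
// CVE-2017-6200 describes. A backup routine hands an archiver a newline-
// delimited manifest of paths; a directory name containing '\n' splits into
// extra entries. The manifest format is an assumption for the demonstration.
#include <string>
#include <vector>

struct Manifest {
    bool ok;           // false: an entry was rejected, nothing is archived
    std::string text;  // newline-delimited path list when ok
};

// Vulnerable: names are copied verbatim, so "notes\n/etc/hostname" becomes
// two lines and the consumer reads the second one as its own entry.
Manifest buildManifestUnfiltered(const std::vector<std::string>& names) {
    std::string out;
    for (const std::string& n : names) out += n + '\n';
    return Manifest{true, out};
}

// An entry name the sandbox controls is acceptable only if it cannot change
// the manifest's structure or escape the sandbox directory: no control
// characters (LF included), not absolute, no ".." components.
bool isSafeEntryName(const std::string& name) {
    if (name.empty() || name[0] == '/') return false;
    for (unsigned char c : name)
        if (c < 0x20 || c == 0x7f) return false;
    // reject "..", "../x", "x/../y" and "x/.."
    if (name == ".." || name.compare(0, 3, "../") == 0 ||
        name.find("/../") != std::string::npos ||
        (name.size() >= 3 && name.compare(name.size() - 3, 3, "/..") == 0))
        return false;
    return true;
}

// Hardened: validate before joining, and fail the whole backup rather than
// silently skip, so an attempted injection is visible to the operator.
Manifest buildManifestFiltered(const std::vector<std::string>& names) {
    std::string out;
    for (const std::string& n : names) {
        if (!isSafeEntryName(n)) return Manifest{false, ""};
        out += n + '\n';
    }
    return Manifest{true, out};
}

// What the consumer sees: the manifest split on '\n', empty lines dropped.
std::vector<std::string> parseManifest(const std::string& text) {
    std::vector<std::string> entries;
    std::string cur;
    for (char c : text) {
        if (c == '\n') {
            if (!cur.empty()) entries.push_back(cur);
            cur.clear();
        } else {
            cur += c;
        }
    }
    if (!cur.empty()) entries.push_back(cur);
    return entries;
}
```

Feeding the constructed names `{"notes\n/etc/hostname", "data"}` to the unfiltered builder yields a three-entry manifest whose second entry is `/etc/hostname`, which is exactly the shape of the page's "read any specified file under /etc or /run". The filtered builder rejects the same input outright. Where the consumer supports it, a NUL-delimited list (or passing paths as separate arguments) removes the delimiter-injection problem structurally; the validation here is still worth keeping as defence in depth against absolute and traversal paths.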