Browse all 4 CVE security advisories affecting capnproto. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Capnproto serves as a high-performance serialization system designed for low-latency data exchange across networks, commonly used in distributed systems and real-time applications. Historically, its vulnerabilities have primarily centered on remote code execution (RCE) and denial-of-service (DoS) flaws, often stemming from buffer handling and parsing issues. While no major public incidents have been widely documented, the four recorded CVEs highlight risks in memory safety and input validation. The system's binary protocol reduces certain attack surfaces compared to text-based alternatives, but its complex parsing logic remains a potential source of exploitation, particularly in untrusted environments.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32240 | Cap'n Proto: Integer overflow in KJ-HTTP chunk size — capnprotoCWE-197 | 8.2AI | HighAI | 2026-03-12 |
| CVE-2026-32239 | Cap'n Proto has an integer overflow in KJ-HTTP — capnprotoCWE-444 | 7.5AI | HighAI | 2026-03-12 |
| CVE-2023-48230 | Cap'n Proto WebSocket message can cause crash — capnprotoCWE-124 | 5.9 | Medium | 2023-11-21 |
| CVE-2022-46149 | Cap'n Proto vulnerable to out-of-bounds read due to logic error handling list-of-list. — capnprotoCWE-125 | 5.4 | Medium | 2022-11-30 |
This page lists every published CVE security advisory associated with capnproto. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.