← Volver a CVEs
CVE-2020-8941
MEDIUM5.3
Descripcion
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_inet_pton using an attacker controlled klinux_addr_buffer parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 8fed5e334131abaf9c5e17307642fbf6ce4a57ec
Detalles CVE
Puntuacion CVSS v3.15.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Vector de ataqueLOCAL
ComplejidadHIGH
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado12/15/2020
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
google:asylo
Debilidades (CWE)
CWE-120CWE-125
Referencias
https://github.com/google/asylo/commit/8fed5e334131abaf9c5e17307642fbf6ce4a57ec(cve-coordination@google.com)
https://github.com/google/asylo/commit/8fed5e334131abaf9c5e17307642fbf6ce4a57ec(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.