← Voltar para CVEs
CVE-2020-8941
MEDIUM5.3
Descricao
An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_inet_pton using an attacker controlled klinux_addr_buffer parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 8fed5e334131abaf9c5e17307642fbf6ce4a57ec
Detalhes CVE
Pontuacao CVSS v3.15.3
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Vetor de ataqueLOCAL
ComplexidadeHIGH
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado12/15/2020
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
google:asylo
Fraquezas (CWE)
CWE-120CWE-125
Referencias
https://github.com/google/asylo/commit/8fed5e334131abaf9c5e17307642fbf6ce4a57ec(cve-coordination@google.com)
https://github.com/google/asylo/commit/8fed5e334131abaf9c5e17307642fbf6ce4a57ec(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.