CVE-2020-8939

EPSS 0.02%
Veröffentlicht 15.12.2020 15:15:13
Zuletzt bearbeitet 21.11.2024 05:39:42
Quelle cve-coordination@google.com
CVE-Watchlists
Login
Unerledigt
Login

Out of Bounds read in Asylo

An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Asylo Version <= 0.6.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.027

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
cve-coordination@google.com	5.3	1	4.2	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8939

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8939

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8939

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-8939