CVE-2020-8939

EPSS 0.02%
Veröffentlicht 15.12.2020 15:15:13
Zuletzt bearbeitet 21.11.2024 05:39:42
Quelle cve-coordination@google.com
Teams Watchlist Login
Unerledigt Login

An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Asylo Version <= 0.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.027

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
cve-coordination@google.com	5.3	1	4.2	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-8939

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-8939

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-8939

EUVD