CVE-2020-8904
6.4
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H
Summary
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Google LLC | Asylo | stable < 0.6.0 | affected |
Weaknesses
- CWE-823: CWE-823 Use of Out-of-range Pointer Offset
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.