CVE-2020-8936

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx_params and allowed the host to return a pointer that was an address within the enclave memory. This allowed an attacker to read memory values from within the enclave.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:asylo:*:*:*:*:*:*:*:*

Information

Published : 2020-12-15 07:15

Updated : 2020-12-17 18:49


NVD link : CVE-2020-8936

Mitre link : CVE-2020-8936


JSON object : View

CWE
CWE-125

Out-of-bounds Read

Advertisement

dedicated server usa

Products Affected

google

  • asylo