CVE-2020-8935

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecall_restore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating your library.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
GoogleCNA
5.3 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 2%
VendorProductVersion
googleasylo
𝑥
≤ 0.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/google/asylo/commit/ed0926bff0e423cd122a18b3d2fc772817f66825
https://github.com/google/asylo/commit/ed0926bff0e423cd122a18b3d2fc772817f66825