CVE-2020-8939

EUVD-2020-29770
An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
GoogleCNA
5.3 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Affected Products (NVD)
VendorProductVersion
googleasylo
𝑥
≤ 0.6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4
https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4