3 matches found
CVE-2020-8904
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecallrestore function fails to validate the range of the outputlen pointer, an attacker can manipulate the tmpoutputlen value and write to an arbitrary location in the trusted...
CVE-2020-8904
The CVE-2020-8904 entry concerns Asylo prior to 0.6.0, where the ecall_restore function does not validate the range of the output_len pointer, allowing an attacker to manipulate tmp_output_len and overwrite arbitrary trusted (enclave) memory. Affected product: Asylo (pre-0.6.0). Impact described:...
CVE-2020-8904 Arbitrary trusted memory overwrite vulnerability in Asylo
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecallrestore function fails to validate the range of the outputlen pointer, an attacker can manipulate the tmpoutputlen value and write to an arbitrary location in the trusted...