2 matches found
CVE-2020-8905 Confidential Information Disclosure vulnerability in Asylo
A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'encuntrustedrecvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of...
CVE-2020-8905
The CVE-2020-8905 entry concerns Asylo before 0.6.0, where a buffer-length validation flaw in enc_untrusted_recvfrom allows an attacker to force copying trusted memory into a small untrusted buffer, enabling unauthorized data access. The issue is described as a memory-read vulnerability within Me...