Asylo Security Vulnerabilities and Issues — Asylo CVE List

Lucene search

GoogleAsylo

10 matches found

CVE•added 2020/12/15 3:15 p.m.•47 views

CVE-2020-8942

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_read whose return size was not validated against the requrested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the inten...

5.5CVSS5.3AI score0.00019EPSS

CVE•added 2020/12/15 3:15 p.m.•43 views

CVE-2020-8944

An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within t...

5.5CVSS5.3AI score0.00018EPSS

CVE•added 2020/12/15 3:15 p.m.•40 views

CVE-2020-8936

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx_params and allowed the host to return a pointer that was an address within the enclave memory. This allowed...

5.5CVSS5.3AI score0.00019EPSS

CVE•added 2020/12/15 3:15 p.m.•36 views

CVE-2020-8938

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an attacker to write memory values from within the enclave. We recommend upgrading past commit...

5.3CVSS4.2AI score0.0004EPSS

CVE•added 2020/12/15 3:15 p.m.•35 views

CVE-2020-8935

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecall_restore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. We recommend updating your library.

7.8CVSS7.6AI score0.00017EPSS

CVE•added 2020/12/15 3:15 p.m.•35 views

CVE-2020-8937

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. This allows an attacker to write m...

5.3CVSS4.2AI score0.00018EPSS

CVE•added 2020/12/15 3:15 p.m.•35 views

CVE-2020-8943

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the in...

5.5CVSS5.3AI score0.00019EPSS

CVE•added 2020/12/15 3:15 p.m.•33 views

CVE-2020-8941

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_inet_pton using an attacker controlled klinux_addr_buffer parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intend...

5.5CVSS5.4AI score0.00019EPSS

CVE•added 2020/12/15 3:15 p.m.•32 views

CVE-2020-8939

An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4

5.5CVSS5.3AI score0.00019EPSS

CVE•added 2020/12/15 3:15 p.m.•32 views

CVE-2020-8940

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvmsg using an attacker controlled result parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size...

5.5CVSS5.4AI score0.00019EPSS