CVE-2020-8939 MEDIUM

CVE-2020-8939: Out of Bounds read in Asylo

Vendor: Google LLC
Product: Asylo
Weakness: CWE-125
Published: December 15, 2020
Last update: August 4, 2024

CVSS base score

5.3/10
Attack vector: Local
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01 Description

An out-of-bounds read in the enc_untrusted_inet_ntop function allows an attacker to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4.

Key dates

02 Disclosure timeline

December 15, 2020: CVE published
August 4, 2024: Record updated