CVE-2020-8943 MEDIUM

CVE-2020-8943: Unchecked buffer overrun in enc_untrusted_recvfrom

Vendor Google Llc

Product Asylo

Weakness CWE-120

Published December 15, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Local

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 6e158d558abd3c29a0208e30c97c9a8c5bd4230f

Key dates

02Disclosure timeline

December 15, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-8943 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/120.html

Related vulnerabilities

CVE-2020-8943: Unchecked buffer overrun in enc_untrusted_recvfrom

01Description

02Disclosure timeline

03References

04Related CVE