Main Vulnerability Database Vulnerabilities #VU45854

#VU45854 Buffer overflow in asylo - CVE-2020-8904

Published: August 12, 2020 / Updated: August 21, 2020

Vulnerability identifier: #VU45854

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-8904

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
asylo

Software vendor:
Google

Description

The vulnerability allows a remote authenticated user to #BASIC_IMPACT#.

An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later.

Remediation

Install update from vendor's website.

External links

https://github.com/google/asylo/commit/e582f36ac49ee11a21d23ad6a30c333092e0a94e

#VU45854 Buffer overflow in asylo - CVE-2020-8904

Description

Remediation

External links

Please verify you're human