Kongoshuu

**Name of the Vulnerable Software and Affected Versions** Asylo versions prior to 0.6.2 **Description** An attacker can change the pointer to untrusted memory to point to a trusted memory region, causing copying of trusted memory to trusted memory. If the latter is later copied out, it allows for reading of memory regions from the trusted region. **Recommendations** For Asylo versions prior to 0.6.2, update past 0.6.2 or apply the git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c.

**Name of the Vulnerable Software and Affected Versions** Asylo versions prior to 0.6.2 **Description** An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. **Recommendations** For Asylo versions prior to 0.6.2, update past 0.6.2 or apply the git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c.

**Name of the Vulnerable Software and Affected Versions** Asylo versions prior to 0.6.3 **Description** An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. **Recommendations** Update to a version past 0.6.3 or apply the changes from the git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c to mitigate the issue.

**Name of the Vulnerable Software and Affected Versions** Software (affected versions not specified) **Description** An out of bounds read on the `enc untrusted inet ntop` function allows an attack to extend the result size that is used by `memcpy()` to read memory from within the enclave heap. **Recommendations** Upgrade past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4 to resolve the issue. As a temporary workaround, consider restricting access to the `enc untrusted inet ntop` function until a patch is available.