PT-2020-20373 · Google · Asylo

Kang Li +3 · Published 2020-12-15 · Updated 2021-07-21

CVE-2020-8935

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Asylo versions up to 0.6.0

Description: Due to an arbitrary memory overwrite, an attacker can make an Ecall restore function call to reallocate untrusted code and overwrite sections of the Enclave memory address.

Recommendations: Update the library to a version later than 0.6.0.

Fix

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2020-8935

Affected Products

Asylo