CVE-2020-8936

Name of the Vulnerable Software and Affected Versions Asylo versions up to 0.6.0

Description An arbitrary memory overwrite issue allows an attacker to make a host call to UntrustedCall. UntrustedCall failed to validate the buffer range within sgx params and allowed the host to return a pointer that was an address within the enclave memory. This allowed an attacker to read memory values from within the enclave.

Recommendations For Asylo versions up to 0.6.0, update to a version later than 0.6.0 to resolve the issue. As a temporary workaround, consider restricting access to the UntrustedCall function to minimize the risk of exploitation.