PT-2020-20377 · Google Llc+2 · Asylo

Kang Li +4 · Published 2020-12-15 · Updated 2020-12-17 · CVE-2020-8939

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Software (affected versions not specified)

Description: An out-of-bounds read in the enc_untrusted_inet_ntop function allows an attacker to extend the result size that is used by memcpy() to read memory from within the enclave heap.

Recommendations: Upgrade past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4 to resolve the issue. As a temporary workaround, consider restricting access to the enc_untrusted_inet_ntop function until a patch is available.
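
The defensive pattern for this class of bug, as an added example (not Asylo's code and not taken from the referenced commit): a size that crosses the enclave boundary is never used as the memcpy() count on its own, and the copy is bounded by the bytes actually present in the host's reply as well as by the destination capacity. The names struct host_reply and copy_ntop_result are hypothetical, and the sample reply is constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a reply already copied into enclave memory:
 * `data` points at exactly `len` valid bytes supplied by the untrusted host. */
struct host_reply {
    const char *data;
    size_t len;
};

/* Weak form, for contrast: memcpy(dst, r->data, dst_size) trusts the caller's
 * size and reads past r->data whenever dst_size > r->len. */

/* Copy the host-supplied address string into dst (capacity dst_size).
 * Returns dst on success; NULL with errno set when the reply is rejected. */
const char *copy_ntop_result(const struct host_reply *r, char *dst, size_t dst_size)
{
    if (r == NULL || r->data == NULL || dst == NULL || dst_size == 0) {
        errno = EINVAL;
        return NULL;
    }
    /* Look for the terminator without scanning beyond the reply itself. */
    const char *nul = memchr(r->data, '\0', r->len);
    if (nul == NULL) {
        errno = EINVAL;          /* unterminated reply: reject, do not guess */
        return NULL;
    }
    size_t n = (size_t)(nul - r->data) + 1;   /* string bytes plus NUL */
    if (n > dst_size) {
        errno = ENOSPC;          /* same error inet_ntop() uses for a short buffer */
        return NULL;
    }
    memcpy(dst, r->data, n);     /* bounded by both source and destination */
    return dst;
}

int main(void)
{
    char dst[46];                                  /* INET6_ADDRSTRLEN */
    struct host_reply ok = { "192.0.2.1", 10 };    /* constructed sample reply */
    const char *s = copy_ntop_result(&ok, dst, sizeof dst);
    printf("%s\n", s ? s : "(rejected)");
    return 0;
}
```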

Fix

Out of bounds Read


Weakness Enumeration

Related Identifiers

CVE-2020-8939

Affected Products

Asylo