PT-2021-15136 · Google · Asylo
Kang Li +4 · Published 2021-06-08 · Updated 2021-06-17 · CVE-2021-22548
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Asylo versions prior to 0.6.2
Description
An attacker can change the pointer to untrusted memory to point to a trusted memory region, causing copying of trusted memory to trusted memory. If the latter is later copied out, it allows for reading of memory regions from the trusted region.
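The pattern described above, as an added example that is not Asylo's code or the fix commit: a copy-in routine that trusts a host-supplied pointer, next to one that first checks that the whole range lies outside trusted memory. All names (`enclave_mem`, `is_outside_enclave`, `copy_in_unchecked`, `copy_in_checked`, `leak_via_copy_in`) are hypothetical, and the enclave is simulated with a static array.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: trusted (enclave) memory and a host-side buffer. */
static uint8_t enclave_mem[256];
static uint8_t host_buf[16];

/* True only if [p, p+len) lies entirely outside the trusted region. */
static bool is_outside_enclave(const void *p, size_t len) {
    uintptr_t start = (uintptr_t)p;
    uintptr_t base = (uintptr_t)enclave_mem;
    uintptr_t limit = base + sizeof enclave_mem;
    if (len > UINTPTR_MAX - start) return false;  /* range wraps around */
    return start + len <= base || start >= limit;
}

/* Vulnerable pattern: copies from whatever address the host supplied. */
static int copy_in_unchecked(void *dst, const void *host_ptr, size_t len) {
    memcpy(dst, host_ptr, len);
    return 0;
}

/* Hardened pattern: refuse any source range that overlaps trusted memory. */
static int copy_in_checked(void *dst, const void *host_ptr, size_t len) {
    if (!is_outside_enclave(host_ptr, len)) return -1;
    memcpy(dst, host_ptr, len);
    return 0;
}

/* Returns 1 if trusted data reached the staging buffer that a later
 * copy-out would hand back to the host, 0 otherwise. */
static int leak_via_copy_in(int checked) {
    uint8_t *secret = enclave_mem, *staging = enclave_mem + 128;
    memcpy(secret, "constructed-key!", 16);   /* constructed sample secret */
    memset(staging, 0, 16);
    const void *host_ptr = secret;  /* host pointer redirected into the enclave */
    if (checked) copy_in_checked(staging, host_ptr, 16);
    else         copy_in_unchecked(staging, host_ptr, 16);
    return memcmp(staging, secret, 16) == 0;
}

int main(void) {
    printf("host buffer accepted: %d\n", is_outside_enclave(host_buf, sizeof host_buf));
    printf("unchecked leaks: %d, checked leaks: %d\n",
           leak_via_copy_in(0), leak_via_copy_in(1));
    return 0;
}
```

In a real enclave the pointer value should also be copied into trusted memory before it is checked, so the host cannot change it between the check and the copy.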
Recommendations
For Asylo versions prior to 0.6.2, update past 0.6.2 or apply the git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c.
Fix
Access of Memory Location After End of Buffer
Weakness Enumeration
Related Identifiers
Affected Products
Asylo