CVE-2020-8904
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-8904
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8904.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-8904
- Published
- 2020-08-12T19:15:14Z
- Modified
- 2025-01-15T01:46:48.414323Z
- Severity
-
- 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecallrestore function fails to validate the range of the outputlen pointer, an attacker can manipulate the tmpoutputlen value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later.
- References
Affected packages
Git / github.com/google/asylo
Affected ranges
- Type
- GIT
- Repo
- https://github.com/google/asylo
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
buildenv-v0.*
buildenv-v0.2.0
buildenv-v0.2.1
buildenv-v0.2.2
buildenv-v0.3.0
buildenv-v0.3.1
buildenv-v0.3.2
buildenv-v0.3.3
buildenv-v0.3.4
buildenv-v0.4.0
buildenv-v0.4.1
buildenv-v0.5.0
buildenv-v0.5.1
buildenv-v0.5.2
buildenv-v0.5.3
v0.*
v0.2.0
v0.2.1
v0.2.2
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.4.1
v0.4.0
v0.4.1
v0.5.0
v0.5.1
v0.5.2
v0.5.3