CVE-2021-22550

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-22550
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22550.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-22550
Published
2021-06-08T14:15:07.873Z
Modified
2026-04-11T23:34:04.870402Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. It is recommended to update past 0.6.3 or git commit https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c

References

Affected packages

Git / github.com/google/asylo

Affected ranges

Type
GIT
Repo
https://github.com/google/asylo
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
49ea8b3ec7a31280bbbc2864375b1d19506d6d54
Fixed
a47ef55db2337d29de19c50cd29b0deb2871d31c
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.6.3"
        }
    ]
}

Affected versions

buildenv-v0.*
buildenv-v0.2.0
buildenv-v0.2.1
buildenv-v0.2.2
buildenv-v0.3.0
buildenv-v0.3.1
buildenv-v0.3.2
buildenv-v0.3.3
buildenv-v0.3.4
buildenv-v0.4.0
buildenv-v0.4.1
buildenv-v0.5.0
buildenv-v0.5.1
buildenv-v0.5.2
buildenv-v0.5.3
buildenv-v0.6.0
buildenv-v0.6.1
buildenv-v0.6.2
v0.*
v0.2.0
v0.2.1
v0.2.2
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.3.4
v0.3.4.1
v0.4.0
v0.4.1
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.6.0
v0.6.1
v0.6.2

Database specific

vanir_signatures_modified 
"2026-04-11T23:34:04Z"
vanir_signatures 
[
    {
        "id": "CVE-2021-22550-24913b25",
        "target": {
            "file": "asylo/util/statusor.h"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "310405700852713691086764955692402379754",
                "310065802095698027011047663183738269079",
                "312289376163248216740647805151489310225",
                "81556857726243288039718610769457725544",
                "9938663545252293452405198839581423710"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/google/asylo/commit/49ea8b3ec7a31280bbbc2864375b1d19506d6d54",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2021-22550-a190eb25",
        "target": {
            "file": "asylo/platform/primitives/sgx/untrusted_cache_malloc.cc",
            "function": "UntrustedCacheMalloc::GetBuffer"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "324340882865174162518142847362939396353",
            "length": 608.0
        },
        "signature_type": "Function",
        "source": "https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2021-22550-d59b588a",
        "target": {
            "file": "asylo/platform/primitives/sgx/untrusted_cache_malloc.cc"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "302266554857286136183943282989466354521",
                "192108575824891427609433817722530469858",
                "6413376985837492149878608009366389190",
                "35815943247843364076385359851639162206",
                "123439773876058695008610047098402977316",
                "161686382595387852061273329649307725424",
                "52349830248926453678625798795136266642",
                "154438689577695076334591652158207116841"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/google/asylo/commit/a47ef55db2337d29de19c50cd29b0deb2871d31c",
        "signature_version": "v1"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22550.json"