An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function…
Google·CWE-823·Published 2020-08-12
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later.
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate the tmp_output_len value and write to an arbitrary location in the trusted (enclave) memory. We recommend updating Asylo to version 0.6.0 or later.
Se presenta una vulnerabilidad de sobrescritura de memoria arbitraria en la memoria confiable de Asylo en versiones anteriores a 0.6.0. Como la función ecall_restore presenta un fallo al comprobar el rango del puntero output_len, un atacante puede manipular el valor tmp_output_len y escribir en una ubicación arbitraria en la memoria confiable (enclave). Recomendamos actualizar Asylo en las versiones 0.6. 0 o posteriores
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.5 | 8.0 | 4.9 | AV:N/AC:L/Au:S/C:N/I:P/A:P |
| 3.1 | Primary | NVD | 9.6 | 3.1 | 5.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H |
| 3.1 | Primary | cve.org | 6.4 | — | — | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H |
| 3.1 | Primary | cve.org | 6.4 | — | — | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H |
| 3.1 | Secondary | NVD | 6.4 | 1.1 | 4.7 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H |