Vulnerability-Lookup

CNVD-2020-64264

Vulnerability from cnvd - Published: 2020-11-18

Title

Microsoft Open Enclave SDK信息泄露漏洞（CNVD-2020-64264）

Description

Microsoft Open Enclave SDK是美国微软（Microsoft）公司的一款用于在C和C ++中构建安全区应用程序的SDK（软件开发工具包）。 Open Enclave 0.12.0之前版本存在安全漏洞，该漏洞源于当Enclave应用程序使用套接字提供的系统调用时，会存在信息泄露漏洞。攻击者可利用该漏洞可以跨越信任边界从enclave堆读取特权数据。

Severity

低

Patch Name

Microsoft Open Enclave SDK信息泄露漏洞（CNVD-2020-64264）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-15224

Impacted products

Name
Microsoft Microsoft Open Enclave SDK <0.12.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-15224",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-15224"
    }
  },
  "description": "Microsoft Open Enclave SDK\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u5728C\u548cC ++\u4e2d\u6784\u5efa\u5b89\u5168\u533a\u5e94\u7528\u7a0b\u5e8f\u7684SDK\uff08\u8f6f\u4ef6\u5f00\u53d1\u5de5\u5177\u5305\uff09\u3002\n\nOpen Enclave 0.12.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5f53Enclave\u5e94\u7528\u7a0b\u5e8f\u4f7f\u7528\u5957\u63a5\u5b57\u63d0\u4f9b\u7684\u7cfb\u7edf\u8c03\u7528\u65f6\uff0c\u4f1a\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u8de8\u8d8a\u4fe1\u4efb\u8fb9\u754c\u4eceenclave\u5806\u8bfb\u53d6\u7279\u6743\u6570\u636e\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-64264",
  "openTime": "2020-11-18",
  "patchDescription": "Microsoft Open Enclave SDK\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7528\u4e8e\u5728C\u548cC ++\u4e2d\u6784\u5efa\u5b89\u5168\u533a\u5e94\u7528\u7a0b\u5e8f\u7684SDK\uff08\u8f6f\u4ef6\u5f00\u53d1\u5de5\u5177\u5305\uff09\u3002\r\n\r\nOpen Enclave 0.12.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5f53Enclave\u5e94\u7528\u7a0b\u5e8f\u4f7f\u7528\u5957\u63a5\u5b57\u63d0\u4f9b\u7684\u7cfb\u7edf\u8c03\u7528\u65f6\uff0c\u4f1a\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u4ee5\u8de8\u8d8a\u4fe1\u4efb\u8fb9\u754c\u4eceenclave\u5806\u8bfb\u53d6\u7279\u6743\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Open Enclave SDK\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-64264\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Microsoft Microsoft Open Enclave SDK \u003c0.12.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-15224",
  "serverity": "\u4f4e",
  "submitTime": "2020-10-21",
  "title": "Microsoft Open Enclave SDK\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-64264\uff09"
}

CVE-2020-15224 (GCVE-0-2020-15224)

Vulnerability from cvelistv5 – Published: 2020-10-14 18:35 – Updated: 2024-08-04 13:08

Title

Socket syscalls can leak enclave memory contents in Open Enclave

Summary

In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability.

Severity

6.8 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-552 - Files or Directories Accessible to External Parties

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/openenclave/openenclave/securi…	x_refsource_CONFIRM
https://github.com/openenclave/openenclave/blob/m…	x_refsource_MISC
https://github.com/openenclave/openenclave/commit…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
openenclave	openenclave	Affected: < 0.12.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.881Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openenclave",
          "vendor": "openenclave",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-552",
              "description": "CWE-552 Files or Directories Accessible to External Parties",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-14T18:35:16.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b"
        }
      ],
      "source": {
        "advisory": "GHSA-525h-wxcc-f66m",
        "discovery": "UNKNOWN"
      },
      "title": "Socket syscalls can leak enclave memory contents in Open Enclave",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15224",
          "STATE": "PUBLIC",
          "TITLE": "Socket syscalls can leak enclave memory contents in Open Enclave"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "openenclave",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 0.12.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "openenclave"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to to recompile their applications against the patched libraries to be protected from this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-552 Files or Directories Accessible to External Parties"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m",
              "refsource": "CONFIRM",
              "url": "https://github.com/openenclave/openenclave/security/advisories/GHSA-525h-wxcc-f66m"
            },
            {
              "name": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120",
              "refsource": "MISC",
              "url": "https://github.com/openenclave/openenclave/blob/master/CHANGELOG.md#v0120"
            },
            {
              "name": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b",
              "refsource": "MISC",
              "url": "https://github.com/openenclave/openenclave/commit/bcac8e7acb514429fee9e0b5d0c7a0308fd4d76b"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-525h-wxcc-f66m",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15224",
    "datePublished": "2020-10-14T18:35:17.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:22.881Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-64264

CVE-2020-15224 (GCVE-0-2020-15224)

Tags

Sightings

Nomenclature