github - ghsa-8mgg-4h42-8rj6

GHSA-8MGG-4H42-8RJ6

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36

Details

An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-8939"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-15T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4",
  "id": "GHSA-8mgg-4h42-8rj6",
  "modified": "2022-05-24T17:36:37Z",
  "published": "2022-05-24T17:36:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8939"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2020-8939 (GCVE-0-2020-8939)

Vulnerability from cvelistv5 – Published: 2020-12-15 14:55 – Updated: 2024-08-04 10:12

Title

Out of Bounds read in Asylo

Summary

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

CWE

CWE-125 - Out-of-bounds Read

Assigner

Google

References

URL

Tags

https://github.com/google/asylo/commit/6ff3b77ffe…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Google LLC	Asylo	Affected: unspecified , ≤ 0.6.0 (custom)

Credits

Qinkun Bao (Baidu Security) Zhaofeng Chen (Baidu Security) Mingshen Sun (Baidu Security) Kang Li (Baidu Security)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:12:11.010Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Asylo",
          "vendor": "Google LLC",
          "versions": [
            {
              "lessThanOrEqual": "0.6.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Qinkun Bao (Baidu Security)"
        },
        {
          "lang": "en",
          "value": "Zhaofeng Chen (Baidu Security)"
        },
        {
          "lang": "en",
          "value": "Mingshen Sun (Baidu Security)"
        },
        {
          "lang": "en",
          "value": "Kang Li (Baidu Security)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-15T14:55:35",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Out of Bounds read in Asylo",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2020-8939",
          "STATE": "PUBLIC",
          "TITLE": "Out of Bounds read in Asylo"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Asylo",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "0.6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google LLC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Qinkun Bao (Baidu Security)"
          },
          {
            "lang": "eng",
            "value": "Zhaofeng Chen (Baidu Security)"
          },
          {
            "lang": "eng",
            "value": "Mingshen Sun (Baidu Security)"
          },
          {
            "lang": "eng",
            "value": "Kang Li (Baidu Security)"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125 Out-of-bounds Read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4",
              "refsource": "CONFIRM",
              "url": "https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2020-8939",
    "datePublished": "2020-12-15T14:55:35",
    "dateReserved": "2020-02-12T00:00:00",
    "dateUpdated": "2024-08-04T10:12:11.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-8MGG-4H42-8RJ6

CVE-2020-8939 (GCVE-0-2020-8939)

Tags

Sightings

Nomenclature