Vulnerability Details : CVE-2020-8939
An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4
Products affected by CVE-2020-8939
- cpe:2.3:a:google:asylo:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-8939
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 10 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8939
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
5.3
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N |
1.0
|
4.2
|
Google Inc. | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2020-8939
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by:
- cve-coordination@google.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2020-8939
-
https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4
Check for result size in dst in inet_ntop · google/asylo@6ff3b77 · GitHubPatch;Third Party Advisory
Jump to