CVE-2020-8939

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-8939

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8939.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-8939

Published

2020-12-15T15:15:13.363Z

Modified

2025-11-14T11:10:10.031096Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An out of bounds read on the encuntrustedinet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4

References

https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4

Affected packages

Git / github.com/google/asylo

Affected ranges

Type: GIT
Repo: https://github.com/google/asylo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6ff3b77ffe110a33a2f93848a6333f33616f02c4

Affected versions

buildenv-v0.*

buildenv-v0.2.0

buildenv-v0.2.1

buildenv-v0.2.2

buildenv-v0.3.0

buildenv-v0.3.1

buildenv-v0.3.2

buildenv-v0.3.3

buildenv-v0.3.4

buildenv-v0.4.0

buildenv-v0.4.1

buildenv-v0.5.0

buildenv-v0.5.1

buildenv-v0.5.2

buildenv-v0.5.3

buildenv-v0.6.0

v0.*

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.4.1

v0.4.0

v0.4.1

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.6.0

Database specific

vanir_signatures

[
    {
        "digest": {
            "length": 991.0,
            "function_hash": "135038296171550800255256998280934211969"
        },
        "target": {
            "function": "enc_untrusted_inet_ntop",
            "file": "asylo/platform/host_call/trusted/host_calls.cc"
        },
        "deprecated": false,
        "id": "CVE-2020-8939-8b91fab6",
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4"
    },
    {
        "digest": {
            "line_hashes": [
                "153814041358479376129214332076057155395",
                "45922329269225053110307145393781663788",
                "120923426945754041805254235783950991193",
                "79748621226130253570625482495852408872",
                "242354140484151961163145778075231999227",
                "153518137929070858687433313067831900743"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "asylo/platform/host_call/trusted/host_calls.cc"
        },
        "deprecated": false,
        "id": "CVE-2020-8939-8dfe20e5",
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8939.json"