CVE-2020-8941

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-8941

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8941.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-8941

Published

2020-12-15T15:15:13.503Z

Modified

2025-11-14T11:10:10.586372Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to encuntrustedinetpton using an attacker controlled klinuxaddr_buffer parameter. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 8fed5e334131abaf9c5e17307642fbf6ce4a57ec

References

https://github.com/google/asylo/commit/8fed5e334131abaf9c5e17307642fbf6ce4a57ec

Affected packages

Git / github.com/google/asylo

Affected ranges

Type: GIT
Repo: https://github.com/google/asylo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

8fed5e334131abaf9c5e17307642fbf6ce4a57ec

Affected versions

buildenv-v0.*

buildenv-v0.2.0

buildenv-v0.2.1

buildenv-v0.2.2

buildenv-v0.3.0

buildenv-v0.3.1

buildenv-v0.3.2

buildenv-v0.3.3

buildenv-v0.3.4

buildenv-v0.4.0

buildenv-v0.4.1

buildenv-v0.5.0

buildenv-v0.5.1

buildenv-v0.5.2

buildenv-v0.5.3

buildenv-v0.6.0

v0.*

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.4.1

v0.4.0

v0.4.1

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.6.0

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "id": "CVE-2020-8941-e8428245",
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/google/asylo/commit/8fed5e334131abaf9c5e17307642fbf6ce4a57ec",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "272763479161283059232979627128145785043",
                "9579066003670168661470101314666859339",
                "946068527207800192872010277709937480",
                "128557099816473663900528745653420155013",
                "66935164756829083608561142490069646493",
                "226063189663614364199381937009213541942"
            ]
        },
        "target": {
            "file": "asylo/platform/host_call/trusted/host_calls.cc"
        }
    },
    {
        "signature_version": "v1",
        "id": "CVE-2020-8941-eabe183e",
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/google/asylo/commit/8fed5e334131abaf9c5e17307642fbf6ce4a57ec",
        "digest": {
            "length": 893.0,
            "function_hash": "181668973139639494832595629845544211768"
        },
        "target": {
            "function": "enc_untrusted_inet_pton",
            "file": "asylo/platform/host_call/trusted/host_calls.cc"
        }
    }
]