CVE-2020-8943

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-8943

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-8943.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-8943

Published

2020-12-15T15:15:13.643Z

Modified

2025-11-14T11:10:11.728506Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to encuntrustedrecvfrom whose return size was not validated against the requested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit 6e158d558abd3c29a0208e30c97c9a8c5bd4230f

References

https://github.com/google/asylo/commit/6e158d558abd3c29a0208e30c97c9a8c5bd4230f

Affected packages

Git / github.com/google/asylo

Affected ranges

Type: GIT
Repo: https://github.com/google/asylo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6e158d558abd3c29a0208e30c97c9a8c5bd4230f

Affected versions

buildenv-v0.*

buildenv-v0.2.0

buildenv-v0.2.1

buildenv-v0.2.2

buildenv-v0.3.0

buildenv-v0.3.1

buildenv-v0.3.2

buildenv-v0.3.3

buildenv-v0.3.4

buildenv-v0.4.0

buildenv-v0.4.1

buildenv-v0.5.0

buildenv-v0.5.1

buildenv-v0.5.2

buildenv-v0.5.3

buildenv-v0.6.0

v0.*

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.4.1

v0.4.0

v0.4.1

v0.5.0

v0.5.1

v0.5.2

v0.5.3

v0.6.0

Database specific

vanir_signatures

[
    {
        "digest": {
            "function_hash": "48565718801156288459539783468833008847",
            "length": 1052.0
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1",
        "target": {
            "file": "asylo/platform/host_call/trusted/host_calls.cc",
            "function": "enc_untrusted_recvfrom"
        },
        "id": "CVE-2020-8943-6a2026d1",
        "source": "https://github.com/google/asylo/commit/6e158d558abd3c29a0208e30c97c9a8c5bd4230f"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "311811746759607890627676256226912627612",
                "299985189300181083316526458289578341967",
                "252815185003023914765289432264592966605"
            ]
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1",
        "target": {
            "file": "asylo/platform/host_call/trusted/host_calls.cc"
        },
        "id": "CVE-2020-8943-d7dfe2b7",
        "source": "https://github.com/google/asylo/commit/6e158d558abd3c29a0208e30c97c9a8c5bd4230f"
    }
]