CVE-2020-8942

{"id": "CVE-2020-8942", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cve-coordination@google.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.0}]}, "published": "2020-12-15T15:15:13.567", "references": [{"url": "https://github.com/google/asylo/commit/b1d120a2c7d7446d2cc58d517e20a1b184b82200", "tags": ["Patch", "Third Party Advisory"], "source": "cve-coordination@google.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Secondary", "source": "cve-coordination@google.com", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_read whose return size was not validated against the requrested size. The parameter size is unchecked allowing the attacker to read memory locations outside of the intended buffer size including memory addresses within the secure enclave. We recommend upgrading past commit b1d120a2c7d7446d2cc58d517e20a1b184b82200"}, {"lang": "es", "value": "Una vulnerabilidad de lectura de memoria arbitraria en Asylo versiones hasta 0.6.0, permite a un atacante que no es confiable realizar una llamada a la funci\u00f3n enc_untrusted_read cuyo tama\u00f1o de retorno no se comprob\u00f3 contra el tama\u00f1o requerido. El tama\u00f1o del par\u00e1metro no es comprobado, permitiendo al atacante leer ubicaciones de memoria fuera del tama\u00f1o de b\u00fafer previsto, incluyendo unas direcciones de memoria dentro del enclave seguro. Recomendamos actualizar m\u00e1s all\u00e1 del commit b1d120a2c7d7446d2cc58d517e20a1b184b82200"}], "lastModified": "2020-12-17T18:44:28.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:asylo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4356338-A28E-442E-BD14-1A927E3824E9", "versionEndIncluding": "0.6.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@google.com"}