Описание
Open Enclave SDK Information Disclosure Vulnerability
An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information stored in the Enclave.
To exploit this vulnerability, an attacker would have to successfully compromise the host application running the enclave. The attacker can then pivot to the enclave and exploit this vulnerability without user interaction.
The security update addresses the vulnerability by modifying how Open Enclave SDK handle objects in memory.
FAQ
What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Enclave memory read - unprivileged write to enclave memory from a host application, which can leak memory contents of the enclave.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
7 High
CVSS3
Связанные уязвимости
An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.
An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.
Уязвимость средств разработки программного обеспечения Open Enclave SDK, связанная с ошибкой обработки объектов в памяти, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
7 High
CVSS3