Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-22552

Опубликовано: 02 авг. 2021
Источник: nvd
CVSS3: 5.3
CVSS3: 5.5
CVSS2: 2.1
EPSS Низкий

Описание

An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:google:asylo:*:*:*:*:*:*:*:*
Версия до 0.6.1 (включая)

EPSS

Процентиль: 4%
0.00019
Низкий

5.3 Medium

CVSS3

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-126
CWE-125

Связанные уязвимости

github логотип

GHSA-wjwj-7rpq-5gg8

github
больше 3 лет назад

An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. This can allow the attacker to read memory from within the secure enclave. We recommend updating to Asylo 0.6.3 or past https://github.com/google/asylo/commit/90d7619e9dd99bcdb6cd28c7649d741d254d9a1a

EPSS

Процентиль: 4%
0.00019
Низкий

5.3 Medium

CVSS3

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-126
CWE-125