Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unchecked buffer overrun in ecall_restore
Vulnerability Description
An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. An attacker can use this pointer to write to arbitrary memory addresses including those within the secure enclave We recommend upgrading past commit 382da2b8b09cbf928668a2445efb778f76bd9c8a
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Vulnerability Title
Google Asylo 缓冲区错误漏洞
Vulnerability Description
Google Asylo是美国Google公司的一个用于开发可信应用程序的框架。该软件支持创建一个可信任的执行环境,包括软件隔离和硬件隔离。 Asylo up to 0.6.0 存在安全漏洞,该漏洞允许不受信任的攻击者可利用该漏洞使用属性输出调用ecall恢复,该属性输出不能检查指针的范围。攻击者可利用该漏洞可以使用这个指针写入任意内存地址。
CVSS Information
N/A
Vulnerability Type
N/A