Vulnerability-Lookup

CNVD-2020-48220

Vulnerability from cnvd - Published: 2020-08-25

Title

Asylo缓冲区溢出漏洞

Description

Asylo是Google开源的下一代机密运算框架，旨在提供一个在可信执行环境（Trusted Execution Environments，TEEs）中执行的应用的开发框架和SDK，以确保应用及资料的安全性。 Asylo 0.6.0之前版本中存在缓冲区溢出漏洞。该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。

Severity

中

Patch Name

Asylo缓冲区溢出漏洞的补丁

Patch Description

Formal description

厂商已提供漏洞修复方案，请关注厂商主页更新: https://github.com/google/asylo/commit/299f804acbb95a612ab7c504d25ab908aa59ae93

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-8905

Impacted products

Name
Google Asylo <0.6.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-8905",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-8905"
    }
  },
  "description": "Asylo\u662fGoogle\u5f00\u6e90\u7684\u4e0b\u4e00\u4ee3\u673a\u5bc6\u8fd0\u7b97\u6846\u67b6\uff0c\u65e8\u5728\u63d0\u4f9b\u4e00\u4e2a\u5728\u53ef\u4fe1\u6267\u884c\u73af\u5883\uff08Trusted Execution Environments\uff0cTEEs\uff09\u4e2d\u6267\u884c\u7684\u5e94\u7528\u7684\u5f00\u53d1\u6846\u67b6\u548cSDK\uff0c\u4ee5\u786e\u4fdd\u5e94\u7528\u53ca\u8d44\u6599\u7684\u5b89\u5168\u6027\u3002\n\nAsylo 0.6.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0:\r\nhttps://github.com/google/asylo/commit/299f804acbb95a612ab7c504d25ab908aa59ae93",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-48220",
  "openTime": "2020-08-25",
  "patchDescription": "Asylo\u662fGoogle\u5f00\u6e90\u7684\u4e0b\u4e00\u4ee3\u673a\u5bc6\u8fd0\u7b97\u6846\u67b6\uff0c\u65e8\u5728\u63d0\u4f9b\u4e00\u4e2a\u5728\u53ef\u4fe1\u6267\u884c\u73af\u5883\uff08Trusted Execution Environments\uff0cTEEs\uff09\u4e2d\u6267\u884c\u7684\u5e94\u7528\u7684\u5f00\u53d1\u6846\u67b6\u548cSDK\uff0c\u4ee5\u786e\u4fdd\u5e94\u7528\u53ca\u8d44\u6599\u7684\u5b89\u5168\u6027\u3002\r\n\r\nAsylo 0.6.0\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Asylo\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Google Asylo \u003c0.6.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-8905",
  "serverity": "\u4e2d",
  "submitTime": "2020-08-17",
  "title": "Asylo\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

CVE-2020-8905 (GCVE-0-2020-8905)

Vulnerability from cvelistv5 – Published: 2020-08-12 18:20 – Updated: 2024-09-17 00:06

Title

Confidential Information Disclosure vulnerability in Asylo

Summary

A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of the third 'extents' is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length.. We recommend updating Asylo to version 0.6.0 or later.

Severity ?

2.8 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

CWE

CWE-120 - Buffer Overflow

Assigner

Google

References

URL

Tags

https://github.com/google/asylo/commit/299f804acb…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Google LLC	Asylo	Affected: stable , < 0.6.0 (custom)

Credits

Qinkun Bao, Zhaofeng Chen, Mingshen Sun, and Kang Li from Baidu Security

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:12:11.061Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/google/asylo/commit/299f804acbb95a612ab7c504d25ab908aa59ae93"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Asylo",
          "vendor": "Google LLC",
          "versions": [
            {
              "lessThan": "0.6.0",
              "status": "affected",
              "version": "stable",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Qinkun Bao, Zhaofeng Chen, Mingshen Sun, and Kang Li from Baidu Security"
        }
      ],
      "datePublic": "2020-07-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The \u0027enc_untrusted_recvfrom\u0027 function generates a return value which is deserialized by \u0027MessageReader\u0027, and copied into three different \u0027extents\u0027. The length of the third \u0027extents\u0027 is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length.. We recommend updating Asylo to version 0.6.0 or later."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-12T18:20:13",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/google/asylo/commit/299f804acbb95a612ab7c504d25ab908aa59ae93"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Confidential Information Disclosure vulnerability in Asylo",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "DATE_PUBLIC": "2020-07-22T00:22:00.000Z",
          "ID": "CVE-2020-8905",
          "STATE": "PUBLIC",
          "TITLE": "Confidential Information Disclosure vulnerability in Asylo"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Asylo",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "stable",
                            "version_value": "0.6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Google LLC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Qinkun Bao, Zhaofeng Chen, Mingshen Sun, and Kang Li from Baidu Security"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The \u0027enc_untrusted_recvfrom\u0027 function generates a return value which is deserialized by \u0027MessageReader\u0027, and copied into three different \u0027extents\u0027. The length of the third \u0027extents\u0027 is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length.. We recommend updating Asylo to version 0.6.0 or later."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-120 Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/google/asylo/commit/299f804acbb95a612ab7c504d25ab908aa59ae93",
              "refsource": "CONFIRM",
              "url": "https://github.com/google/asylo/commit/299f804acbb95a612ab7c504d25ab908aa59ae93"
            }
          ]
        },
        "source": {
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2020-8905",
    "datePublished": "2020-08-12T18:20:13.466578Z",
    "dateReserved": "2020-02-12T00:00:00",
    "dateUpdated": "2024-09-17T00:06:27.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-48220

CVE-2020-8905 (GCVE-0-2020-8905)

Tags

Sightings

Nomenclature