CVE-2020-8905 - OpenCVE

A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of the third 'extents' is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length.. We recommend updating Asylo to version 0.6.0 or later.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Asylo

Configuration 1 [-]

cpe:2.3:a:google:asylo:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/google/asylo/commit/299f804acbb95a612ab7c504d25ab908aa59ae93

History

No history.

MITRE

Status: PUBLISHED

Assigner: Google

Published: 2020-08-12T18:20:13.466578Z

Updated: 2024-09-17T00:06:27.121Z

Reserved: 2020-02-12T00:00:00

Link: CVE-2020-8905

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-08-12T19:15:14.670

Modified: 2020-08-13T14:40:49.783

Link: CVE-2020-8905

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Asylo", "vendor": "Google LLC", "versions": [{"lessThan": "0.6.0", "status": "affected", "version": "stable", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Qinkun Bao, Zhaofeng Chen, Mingshen Sun, and Kang Li from Baidu Security"}], "datePublic": "2020-07-22T00:00:00", "descriptions": [{"lang": "en", "value": "A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of the third 'extents' is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length.. We recommend updating Asylo to version 0.6.0 or later."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-12T18:20:13", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/google/asylo/commit/299f804acbb95a612ab7c504d25ab908aa59ae93"}], "source": {"discovery": "EXTERNAL"}, "title": "Confidential Information Disclosure vulnerability in Asylo", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "DATE_PUBLIC": "2020-07-22T00:22:00.000Z", "ID": "CVE-2020-8905", "STATE": "PUBLIC", "TITLE": "Confidential Information Disclosure vulnerability in Asylo"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Asylo", "version": {"version_data": [{"version_affected": "<", "version_name": "stable", "version_value": "0.6.0"}]}}]}, "vendor_name": "Google LLC"}]}}, "credit": [{"lang": "eng", "value": "Qinkun Bao, Zhaofeng Chen, Mingshen Sun, and Kang Li from Baidu Security"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of the third 'extents' is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length.. We recommend updating Asylo to version 0.6.0 or later."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120 Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://github.com/google/asylo/commit/299f804acbb95a612ab7c504d25ab908aa59ae93", "refsource": "CONFIRM", "url": "https://github.com/google/asylo/commit/299f804acbb95a612ab7c504d25ab908aa59ae93"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:12:11.061Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/google/asylo/commit/299f804acbb95a612ab7c504d25ab908aa59ae93"}]}]}, "cveMetadata": {"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2020-8905", "datePublished": "2020-08-12T18:20:13.466578Z", "dateReserved": "2020-02-12T00:00:00", "dateUpdated": "2024-09-17T00:06:27.121Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:asylo:*:*:*:*:*:*:*:*", "matchCriteriaId": "2E43ACF0-4DFF-4A7A-BC8B-90E067F13206", "versionEndExcluding": "0.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of the third 'extents' is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length.. We recommend updating Asylo to version 0.6.0 or later."}, {"lang": "es", "value": "Una vulnerabilidad de comprobaci\u00f3n de longitud del b\u00fafer en Asylo versiones anteriores a 0.6.0, permite a un atacante leer datos a los que no deber\u00eda tener acceso. La funci\u00f3n \"enc_untrusted_recvfrom\" genera un valor de retorno que es deserializado por \"lMessageReader\" y copiado en tres \"extents\" diferentes. La longitud de los ''extents\" de terceros es controlada por el mundo exterior y no es verificada en la copia, permitiendo al atacante forzar a Asylo a copiar datos de memoria confiables en un b\u00fafer no confiable de longitud significativamente peque\u00f1a. Recomendamos actualizar Asylo en las versiones 0.6. 0 o posteriores"}], "id": "CVE-2020-8905", "lastModified": "2020-08-13T14:40:49.783", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.1, "impactScore": 1.4, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2020-08-12T19:15:14.670", "references": [{"source": "cve-coordination@google.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/google/asylo/commit/299f804acbb95a612ab7c504d25ab908aa59ae93"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}