Vulnerabilities > CVE-2022-46486 - Release of Invalid Pointer or Reference vulnerability in Scontain Scone

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

scontain

CWE-763

NVD

Published: 2023-12-30

Updated: 2024-01-08

Summary

A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	Scontain Scontain Scone - Scontain Scone 5.4.0 Scontain Scone 5.5.0 Scontain Scone 5.6.0 Scontain Scone 5.7.0	5

Common Weakness Enumeration (CWE)

CWE-763 - Release of Invalid Pointer or Reference

References

https://sconedocs.github.io/release5.7/
https://jovanbulck.github.io/files/ccs19-tale.pdf
https://jovanbulck.github.io/files/oakland24-pandora.pdf