Vulnerabilities > Google > Asylo > 0.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-02 | CVE-2021-22552 | Out-of-bounds Read vulnerability in Google Asylo An untrusted memory read vulnerability in Asylo versions up to 0.6.1 allows an untrusted attacker to pass a syscall number in MessageReader that is then used by sysno() and can bypass validation. | 2.1 |
| 2021-06-08 | CVE-2021-22548 | Unspecified vulnerability in Google Asylo An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading of memory regions from the trusted region. | 4.6 |
| 2021-06-08 | CVE-2021-22549 | Exposure of Resource to Wrong Sphere vulnerability in Google Asylo An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. | 7.8 |
| 2021-06-08 | CVE-2021-22550 | Exposure of Resource to Wrong Sphere vulnerability in Google Asylo An attacker can modify the pointers in enclave memory to overwrite arbitrary memory addresses within the secure enclave. | 4.6 |
| 2020-12-15 | CVE-2020-8944 | Out-of-bounds Write vulnerability in Google Asylo An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer. | 2.1 |
| 2020-12-15 | CVE-2020-8943 | Out-of-bounds Read vulnerability in Google Asylo An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size. | 2.1 |
| 2020-12-15 | CVE-2020-8942 | Out-of-bounds Read vulnerability in Google Asylo An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_read whose return size was not validated against the requrested size. | 2.1 |
| 2020-12-15 | CVE-2020-8941 | Out-of-bounds Read vulnerability in Google Asylo An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_inet_pton using an attacker controlled klinux_addr_buffer parameter. | 2.1 |
| 2020-12-15 | CVE-2020-8940 | Out-of-bounds Read vulnerability in Google Asylo An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvmsg using an attacker controlled result parameter. | 2.1 |
| 2020-12-15 | CVE-2020-8939 | Out-of-bounds Read vulnerability in Google Asylo An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. | 2.1 |