Vulnerabilities > Google > Asylo > 0.5.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-12-15 | CVE-2020-8938 | Out-of-bounds Write vulnerability in Google Asylo An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an attacker to write memory values from within the enclave. | 2.1 |
| 2020-12-15 | CVE-2020-8937 | Out-of-bounds Write vulnerability in Google Asylo An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located. | 2.1 |
| 2020-12-15 | CVE-2020-8936 | Out-of-bounds Read vulnerability in Google Asylo An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall. | 2.1 |
| 2020-12-15 | CVE-2020-8935 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Asylo An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make an Ecall_restore function call to reallocate untrusted code and overwrite sections of the Enclave memory address. | 4.6 |
| 2020-08-12 | CVE-2020-8905 | Classic Buffer Overflow vulnerability in Google Asylo A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. | 4.0 |
| 2020-08-12 | CVE-2020-8904 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Asylo An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. | 5.5 |