{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-04T11:27:00.706","vulnerabilities":[{"cve":{"id":"CVE-2020-8939","sourceIdentifier":"cve-coordination@google.com","published":"2020-12-15T15:15:13.363","lastModified":"2024-11-21T05:39:42.300","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4"},{"lang":"es","value":"Una lectura fuera de límites en la función enc_untrusted_inet_ntop permite que un ataque extienda el tamaño del resultado que usa la función memcpy() para leer la memoria desde dentro de la pila del enclave. Recomendamos actualizar más allá del commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4"}],"metrics":{"cvssMetricV31":[{"source":"cve-coordination@google.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cve-coordination@google.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:asylo:*:*:*:*:*:*:*:*","versionEndIncluding":"0.6.0","matchCriteriaId":"D4356338-A28E-442E-BD14-1A927E3824E9"}]}]}],"references":[{"url":"https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4","source":"cve-coordination@google.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}