Low severity2.8NVD Advisory· Published Aug 12, 2020· Updated Jun 17, 2026
CVE-2020-8905
CVE-2020-8905
Description
A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The 'enc_untrusted_recvfrom' function generates a return value which is deserialized by 'MessageReader', and copied into three different 'extents'. The length of the third 'extents' is controlled by the outside world, and not verified on copy, allowing the attacker to force Asylo to copy trusted memory data into an untrusted buffer of significantly small length.. We recommend updating Asylo to version 0.6.0 or later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Google LLC/Asylov5Range: stable
Patches
Vulnerability mechanics
References
1- github.com/google/asylo/commit/299f804acbb95a612ab7c504d25ab908aa59ae93nvdPatchThird Party Advisory
News mentions
0No linked articles in our index yet.