Home > Vulnerability Database > CVE-2021-22549

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2021-22549

Date: June 8, 2021

An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c

Language: C++

Severity Score

6.5

Related Resources (3)

Url: https://github.com/google/asylo/commit/ecfcd0008b6f8f63c6fa3cc1b62fcd4a52f2c0ad

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-22549

Url: https://www.mend.io/vulnerability-database/CVE-2021-22549

Severity Score

6.5

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Use of Out-of-range Pointer Offset

CWE-823

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	LOW

CVSS v2

Base Score:	4.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us