You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We found several security vulnerabilities in the enclave.
First, the g_environment pointer can be null while being dereferenced.
Since it contains nested pointers, i.e., the std::map, an attacker can gain arbitrary read/write by mapping the null page.
In addition, there are stack-based buffer overflow vulnerabilities in ecdsa_keygen_unseal, tc_provision_ecdsa_key, ecdsa_keygen_unseal, and tc_provision_hybrid_key.
The text was updated successfully, but these errors were encountered:
We found several security vulnerabilities in the enclave.
First, the
g_environmentpointer can be null while being dereferenced.Since it contains nested pointers, i.e., the
std::map, an attacker can gain arbitrary read/write by mapping the null page.In addition, there are stack-based buffer overflow vulnerabilities in
ecdsa_keygen_unseal,tc_provision_ecdsa_key,ecdsa_keygen_unseal, andtc_provision_hybrid_key.The text was updated successfully, but these errors were encountered: