CVE-2020-8939

Name: CVE-2020-8939
Creator: NVD / NIST
Published: 2020-12-15T15:15:13.363+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.5/10EPSS 0.13%

Last modified Jun 17, 2026

CVE-2020-8939 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4. EPSS estimates a 0.13% chance of exploitation in the next 30 days.

Description

An out of bounds read on the enc_untrusted_inet_ntop function allows an attack to extend the result size that is used by memcpy() to read memory from within the enclave heap. We recommend upgrading past commit 6ff3b77ffe110a33a2f93848a6333f33616f02c4

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS Probability

0.13%

3.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Google	Asylo	<= 0.6.0

References

https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4Patch, Third Party Advisory
https://github.com/google/asylo/commit/6ff3b77ffe110a33a2f93848a6333f33616f02c4Patch, Third Party Advisory

Timeline

Published: Dec 15, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-8939?

How severe is CVE-2020-8939?

CVE-2020-8939 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.13% probability of exploitation in the next 30 days.

How do I fix CVE-2020-8939?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-8939?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST