Strix
26.1K

CVE-2021-36218

HIGHCVSS 7.5/10EPSS 1.52%

Last modified

CVE-2021-36218 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GCMEncrypt allows an out-of-bounds write, resulting in a segfault and compromised enclave. EPSS estimates a 1.52% chance of exploitation in the next 30 days.

Description

An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GCMEncrypt allows an out-of-bounds write, resulting in a segfault and compromised enclave. This issue describes a buffer overflow, which was resolved prior to v1.77.0 and not reproducible in latest sgxwallet v1.77.0

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability
1.52%

71.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SkaleSgxwallet1.58.3

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-36218?
An issue was discovered in SKALE sgxwallet 1.58.3. sgx_disp_ippsAES_GCMEncrypt allows an out-of-bounds write, resulting in a segfault and compromised enclave. This issue describes a buffer overflow, which was resolved prior to v1.77.0 and not reproducible in latest sgxwallet v1.77.0
How severe is CVE-2021-36218?
CVE-2021-36218 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 1.52% probability of exploitation in the next 30 days.
How do I fix CVE-2021-36218?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-36218?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST