CVE-2022-46486

A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information.
References
Link Resource
https://jovanbulck.github.io/files/ccs19-tale.pdf Exploit Technical Description Third Party Advisory
https://jovanbulck.github.io/files/oakland24-pandora.pdf Exploit Technical Description Third Party Advisory
https://sconedocs.github.io/release5.7/ Release Notes
Configurations

Configuration 1 (hide)

cpe:2.3:a:scontain:scone:*:*:*:*:*:*:*:*

History

08 Jan 2024, 14:20

Type Values Removed Values Added
CWE CWE-763
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.5
CPE cpe:2.3:a:scontain:scone:*:*:*:*:*:*:*:*
First Time Scontain
Scontain scone
References () https://jovanbulck.github.io/files/ccs19-tale.pdf - () https://jovanbulck.github.io/files/ccs19-tale.pdf - Exploit, Technical Description, Third Party Advisory
References () https://sconedocs.github.io/release5.7/ - () https://sconedocs.github.io/release5.7/ - Release Notes
References () https://jovanbulck.github.io/files/oakland24-pandora.pdf - () https://jovanbulck.github.io/files/oakland24-pandora.pdf - Exploit, Technical Description, Third Party Advisory

30 Dec 2023, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-30 03:15

Updated : 2024-02-28 20:54


NVD link : CVE-2022-46486

Mitre link : CVE-2022-46486

CVE.ORG link : CVE-2022-46486


JSON object : View

Products Affected

scontain

  • scone
CWE
CWE-763

Release of Invalid Pointer or Reference