CVE-2021-22549

MEDIUM

Asylo <0.6.2 - Memory Corruption

Title source: llm

Description

An attacker can modify the address to point to trusted memory to overwrite arbitrary trusted memory. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c

References (1)

[Patch, Third Party Advisory] https://github.com/google/asylo/commit/ecfcd0008b6f8f63c6fa3cc1b62fcd4a52f2c0ad

View Patch ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0002

EPSS Percentile 4.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Classification

CWE

CWE-823 CWE-668

Status published

Affected Products (1)

google/asylo < 0.6.2

Timeline

Published Jun 08, 2021

Tracked Since Feb 18, 2026