An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a branch in trustedEcdsaSign that frees an uninitialized pointer from the stack. An attacker can chain multiple enclave calls to prepare a stack that contains a valid address. This address is then freed, compromising the integrity of the enclave. This was resolved after v1.58.3 and is not reproducible in sgxwallet v1.77.0.
References
Link | Resource |
---|---|
https://github.com/skalenetwork/sgxwallet/commit/4e9b5b7526db083177e81f8bafeaa4914d276a82 | Patch, Third Party Advisory |
https://github.com/skalenetwork/sgxwallet/releases | Release Notes, Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-27T13:22:28
Updated: 2021-09-27T13:22:28
Reserved: 2021-07-07T00:00:00
Link: CVE-2021-36219
NVD Information
Status: Analyzed
Published: 2021-09-27T14:15:08.537
Modified: 2021-10-01T22:19:17.193
Link: CVE-2021-36219