Browse all 3 CVE security advisories affecting openenclave. AI-powered Chinese analysis, POCs, and references for each vulnerability.
OpenEnclave provides a secure enclave framework for developing trusted applications that process sensitive data in isolated environments. Historically, the project has been associated with remote code execution vulnerabilities, often stemming from memory corruption flaws in its core libraries. Privilege escalation issues have also been documented, where improper access controls could allow enclave boundaries to be compromised. While no major public security incidents have been reported, the three CVEs on record highlight potential risks in memory management and input validation. The project's security model relies on hardware-based isolation, but its complexity introduces multiple attack surfaces requiring continuous scrutiny.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-37479 | Improper sanitization of MXCSR and RFLAGS in OpenEnclave — openenclave (CWE-665) | 5.3 | Medium | 2023-07-17 |
| CVE-2020-15224 | Socket syscalls can leak enclave memory contents in Open Enclave — openenclave (CWE-552) | 6.8 | Medium | 2020-10-14 |
| CVE-2020-15107 | x87 FPU operations in enclaves are vulnerable to ABI poisoning in openenclave — openenclave | 5.3 | Medium | 2020-07-15 |
This page lists every published CVE security advisory associated with openenclave. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.