{"id":"CVE-2021-36219","details":"An issue was discovered in SKALE sgxwallet 1.58.3. The provided input for ECALL 14 triggers a branch in trustedEcdsaSign that frees a non-initialized pointer from the stack. An attacker can chain multiple enclave calls to prepare a stack that contains a valid address. This address is then freed, resulting in compromised integrity of the enclave. This was resolved after v1.58.3 and not reproducible in sgxwallet v1.77.0.","modified":"2026-04-10T04:36:13.652022Z","published":"2021-09-27T14:15:08.537Z","references":[{"type":"ADVISORY","url":"https://github.com/skalenetwork/sgxwallet/releases"},{"type":"FIX","url":"https://github.com/skalenetwork/sgxwallet/commit/4e9b5b7526db083177e81f8bafeaa4914d276a82"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/skalenetwork/sgxwallet","events":[{"introduced":"0"},{"last_affected":"6d6e49b766c39c3247e7f1e015f7e090398adee4"},{"fixed":"4e9b5b7526db083177e81f8bafeaa4914d276a82"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.58.3"}]}}],"versions":["1.50.2-develop.0","1.50.3-develop.0","1.50.3-develop.1","1.50.3-develop.2","1.51.0-beta.0","1.51.0-develop.0","1.51.1-develop.0","1.51.1-develop.1","1.51.1-develop.2","1.51.1-develop.3","1.51.1-develop.4","1.51.1-develop.5","1.51.1-develop.6","1.51.1-develop.7","1.52.0-beta.0","1.52.0-develop.0","1.52.0-develop.1","1.52.0-develop.2","1.53.0-develop.0","1.53.0-develop.1","1.53.0-develop.2","1.53.0-develop.3","1.53.0-develop.4","1.53.0-develop.5","1.53.0-develop.6","1.53.0-develop.7","1.53.0-develop.8","1.53.0-develop.9","1.54.0-develop.0","1.54.0-develop.1","1.54.0-develop.2","1.56.0-develop.0","1.56.0-develop.1","1.56.0-develop.10","1.56.0-develop.2","1.56.0-develop.3","1.56.0-develop.4","1.56.0-develop.5","1.56.0-develop.6","1.56.0-develop.7","1.56.0-develop.8","1.56.0-develop.9","1.57.0-develop.1","1.58.0-develop.0","1.58.0-develop.1","1.58.0-develop.2","1.58.0-develop.3","1.58.0-develop.4","build_base_1_51","build_base_1_58_3","buld_base_1.57","sgxwallet.1.49-develop.4","sgxwallet.1.50.2-develop.0","sgxwalletsim.1.49-develop.4","sgxwalletsim.1.50.2-develop.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36219.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}