Vulnerability Description
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Glibc | < 2.31 |
| Redhat | Enterprise Linux | 8.0 |
| Canonical | Ubuntu Linux | 16.04 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751Issue TrackingPatchThird Party Advisory
- https://security.gentoo.org/glsa/202006-04Third Party Advisory
- https://security.netapp.com/advisory/ntap-20200430-0002/Third Party Advisory
- https://sourceware.org/bugzilla/show_bug.cgi?id=25423Issue TrackingThird Party Advisory
- https://usn.ubuntu.com/4416-1/Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751Issue TrackingPatchThird Party Advisory
- https://security.gentoo.org/glsa/202006-04Third Party Advisory
- https://security.netapp.com/advisory/ntap-20200430-0002/Third Party Advisory
- https://sourceware.org/bugzilla/show_bug.cgi?id=25423Issue TrackingThird Party Advisory
- https://usn.ubuntu.com/4416-1/Third Party Advisory
FAQ
What is CVE-2020-1751?
CVE-2020-1751 is a vulnerability with a CVSS score of 5.1 (MEDIUM). An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when stori...
How severe is CVE-2020-1751?
CVE-2020-1751 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-1751?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Glibc, Redhat Enterprise Linux, Canonical Ubuntu Linux.