CVE-2020-1751

CWE-787 — Out-of-bounds Write13 documents9 sources

Severity

7.0HIGH

EPSS

0.1%

top 66.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc RED HAT Glibc Canonical Ubuntu Linux +1 more

Timeline

PublishedApr 17

Latest updateMay 24

Description

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 1.4 | Impact: 3.6

Affected Packages3 packages

▶NVDgnu/glibc< 2.31

▶Debianglibc< 2.30-3+3

▶CVEListV5red_hat/glibc2.31

Also affects: Ubuntu Linux 16.04, 18.04, 19.10, Enterprise Linux 8.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-22j8-wpwh-4rrr: An out-of-bounds write vulnerability was found in glibc before 2↗2022-05-24

▶

CVEList

CVE-2020-1751: An out-of-bounds write vulnerability was found in glibc before 2↗2020-04-17

▶

OSV

CVE-2020-1751: An out-of-bounds write vulnerability was found in glibc before 2↗2020-04-17

▶

📋Vendor Advisories

Ubuntu

GNU C Library vulnerabilities↗2020-07-06

▶

Microsoft

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically the backtrace function did not properly check the array bounds when storin↗2020-04-14

▶

Red Hat

glibc: array overflow in backtrace functions for powerpc↗2020-01-20

▶

Debian

CVE-2020-1751: glibc - An out-of-bounds write vulnerability was found in glibc before 2.31 when handlin...↗2020

▶

💬Community

Bugzilla

CVE-2020-27768 ImageMagick: outside the range of representable values of type 'unsigned int' at MagickCore/quantum-private.h↗2020-11-04

▶

Bugzilla

CVE-2020-15011 mailman: arbitrary content injection via the private archive login page↗2020-06-24

▶

Bugzilla

CVE-2020-12108 mailman: arbitrary content injection via the options login page↗2020-06-19

▶

Bugzilla

CVE-2020-1751 glibc: array overflow in backtrace functions for powerpc [fedora-all]↗2020-03-09

▶

Bugzilla

CVE-2020-1751 glibc: array overflow in backtrace functions for powerpc↗2020-03-05

▶