CVE-2020-1751

EUVD-2020-12582
An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.1 MEDIUM
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
redhatCNA
5.1 MEDIUM
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
gnuglibc
𝑥
< 2.31
redhatenterprise_linux
8.0
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
bullseye
2.31-13+deb11u11
fixed
bullseye (security)
2.31-13+deb11u10
fixed
buster
ignored
sid
2.40-3
fixed
trixie
2.40-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
bionic
dne
eoan
dne
focal
dne
trusty
ignored
xenial
dne
glibc
bionic
Fixed 2.27-3ubuntu1.2
released
eoan
Fixed 2.30-0ubuntu2.2
released
focal
not-affected
trusty
dne
xenial
Fixed 2.23-0ubuntu11.2
released
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751
https://security.gentoo.org/glsa/202006-04
https://security.netapp.com/advisory/ntap-20200430-0002/
https://sourceware.org/bugzilla/show_bug.cgi?id=25423
https://usn.ubuntu.com/4416-1/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751
https://security.gentoo.org/glsa/202006-04
https://security.netapp.com/advisory/ntap-20200430-0002/
https://sourceware.org/bugzilla/show_bug.cgi?id=25423
https://usn.ubuntu.com/4416-1/