CVE-2020-1751

NameCVE-2020-1751
DescriptionAn out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
glibc (PTS)jessie, jessie (lts)2.19-18+deb8u14vulnerable
stretch (security)2.24-11+deb9u1vulnerable
stretch (lts), stretch2.24-11+deb9u7vulnerable
buster (security), buster, buster (lts)2.28-10+deb10u4vulnerable
bullseye2.31-13+deb11u11fixed
bullseye (security)2.31-13+deb11u10fixed
bookworm2.36-9+deb12u9fixed
bookworm (security)2.36-9+deb12u7fixed
sid, trixie2.40-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
glibcsource(unstable)2.30-3

Notes

[buster] - glibc <ignored> (powerpc is not supported by LTS)
https://sourceware.org/bugzilla/show_bug.cgi?id=25423
Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d93769405996dfc11d216ddbe415946617b5a494
[stretch] - glibc <ignored> (powerpc is not supported by ELTS)
[jessie] - glibc <ignored> (powerpc is not supported by ELTS)

Search for package or bug name: Reporting problems