Name | CVE-2020-1751 |
Description | An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
glibc (PTS) | jessie, jessie (lts) | 2.19-18+deb8u14 | vulnerable |
| stretch (security) | 2.24-11+deb9u1 | vulnerable |
| stretch (lts), stretch | 2.24-11+deb9u7 | vulnerable |
| buster (security), buster, buster (lts) | 2.28-10+deb10u4 | vulnerable |
| bullseye | 2.31-13+deb11u11 | fixed |
| bullseye (security) | 2.31-13+deb11u10 | fixed |
| bookworm | 2.36-9+deb12u8 | fixed |
| bookworm (security) | 2.36-9+deb12u7 | fixed |
| sid, trixie | 2.40-3 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|
glibc | source | (unstable) | 2.30-3 | | | |
Notes
[buster] - glibc <ignored> (powerpc is not supported by LTS)
https://sourceware.org/bugzilla/show_bug.cgi?id=25423
Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d93769405996dfc11d216ddbe415946617b5a494
[stretch] - glibc <ignored> (powerpc is not supported by ELTS)
[jessie] - glibc <ignored> (powerpc is not supported by ELTS)