CVE-2020-1751

NameCVE-2020-1751
DescriptionAn out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
glibc (PTS)buster2.28-10+deb10u1vulnerable
buster (security)2.28-10+deb10u2vulnerable
bullseye2.31-13+deb11u8fixed
bullseye (security)2.31-13+deb11u7fixed
bookworm, bookworm (security)2.36-9+deb12u4fixed
trixie2.37-15fixed
sid2.37-15.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
glibcsource(unstable)2.30-3

Notes

[buster] - glibc <ignored> (powerpc is not supported by LTS)
https://sourceware.org/bugzilla/show_bug.cgi?id=25423
Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d93769405996dfc11d216ddbe415946617b5a494

Search for package or bug name: Reporting problems