Vulnerability CVE-2020-1751

Vulnerability Name:

CVE-2020-1751 (CCN-180052)

Assigned:

2019-11-27

Published:

2020-01-20

Updated:

2023-01-27

Summary:

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.

CVSS v3 Severity:

7.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.0 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.1 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

5.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Complete

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-787

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2020-1751

Source: CCN
Type: Red Hat Bugzilla Bug 1810719
(CVE-2020-1751) - CVE-2020-1751 glibc: array overflow in backtrace functions for powerpc

Source: secalert@redhat.com
Type: Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
gnu-glibc-cve20201751-code-exec(180052)

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: glibc.git Repository
Add NEWS entry for CVE-2020-1751 (bug 25423)

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: IBM Security Bulletin 6381220 (Cloud Pak for Data)
Security Vulnerabilities in GNU glibc affect IBM Cloud Pak for Data - GNU glibc (CVE-2020-1751)

Source: CCN
Type: IBM Security Bulletin 6829155 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in GNU glibc (CVE-2020-1751).

Source: CCN
Type: IBM Security Bulletin 6982841 (Netcool Operations Insight)
Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:glibc:2.30:*:*:*:*:*:*:*

AND

cpe:/a:ibm:cloud_pak_for_data:2.5:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_data:3.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20201751	V	CVE-2020-1751	2023-06-22
oval:org.opensuse.security:def:8010	P	glibc-devel-32bit-2.31-150300.46.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7510	P	glibc-2.31-150300.46.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:663	P	Security update for tiff (Low)	2022-08-03
oval:org.opensuse.security:def:3385	P	tpm2.0-tools-3.1.4-1.12 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:1393	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3) (Important) (in QA)	2022-06-27
oval:org.opensuse.security:def:94565	P	glibc-2.31-150300.20.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95015	P	glibc-devel-32bit-2.31-150300.20.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2935	P	glibc-2.31-150300.20.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:68	P	glibc-2.31-7.30 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:100432	P	(Important)	2022-03-10
oval:org.opensuse.security:def:997	P	Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container (Important)	2022-01-10
oval:org.opensuse.security:def:45592	P	Security update for MozillaFirefox (Important)	2021-12-10
oval:org.opensuse.security:def:69755	P	Security update for samba (Important)	2021-11-16
oval:org.opensuse.security:def:45591	P	Security update for MozillaFirefox (Important)	2021-10-01
oval:org.opensuse.security:def:23962	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:47135	P	python-cupshelpers-1.5.7-7.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47431	P	libvte9-0.28.2-19.7 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47104	P	mailx-12.5-28.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47040	P	libksba8-1.3.0-23.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47844	P	pam_yubico-2.26-1.25 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46978	P	kdump-0.8.15-28.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:46894	P	at-3.1.14-7.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47898	P	syslog-service-2.0-778.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47380	P	libmysqlclient18-10.0.30-28.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47206	P	apache2-mod_nss-1.0.14-18.3 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:63509	P	postgresql-test-13-8.30 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:71827	P	glibc-2.31-7.30 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100843	P	glib2-devel-2.62.6-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62086	P	glibc-2.31-7.30 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62188	P	libopenssl-1_1-devel-1.1.1d-11.20.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62165	P	libjpeg8-8.1.2-5.15.7 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100844	P	glibc-2.31-7.30 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62164	P	libjpeg62-62.2.0-5.15.7 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62834	P	vino-3.22.0-9.32 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1919	P	glibc-devel-32bit-2.31-7.20 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62361	P	yast2-security-4.3.16-1.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72727	P	glibc-devel-32bit-2.31-7.20 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101266	P	glibc-devel-32bit-2.31-7.20 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63008	P	glibc-devel-32bit-2.31-7.20 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:46680	P	ibus-chewing-1.4.10.1-2.25 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46533	P	logwatch-7.4.0-13.101 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46442	P	iputils-s20121221-2.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46742	P	liblcms1-1.19-17.31 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46677	P	hardlink-1.0-6.45 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46648	P	e2fsprogs-1.42.11-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46589	P	vino-3.10.1-1.81 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46530	P	libyaml-0-2-0.1.6-1.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46450	P	libHX28-3.18-1.18 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:23897	P	Security update for avahi (Important)	2021-06-03
oval:org.opensuse.security:def:23906	P	Security update for curl (Moderate)	2021-05-27
oval:org.opensuse.security:def:69650	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:66718	P	Security update for curl (Moderate)	2021-04-01
oval:org.opensuse.security:def:66810	P	Security update for wavpack (Moderate)	2021-01-21
oval:org.opensuse.security:def:61752	P	glibc-2.26-13.48.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:93719	P	glibc-2.26-13.48.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49050	P	python-devel-2.7.13-28.31.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1862	P	glibc-devel-32bit-2.26-13.48.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:94130	P	glibc-devel-32bit-2.26-13.48.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63641	P	openconnect-7.08-6.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72670	P	glibc-devel-32bit-2.26-13.48.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107098	P	glibc-2.26-13.48.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63186	P	stunnel-5.44-1.29 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:116656	P	glibc-2.26-13.48.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62968	P	ocaml-4.05.0-13.5 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62951	P	glibc-devel-32bit-2.26-13.48.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62636	P	gnome-shell-3.34.4+4-1.58 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:107509	P	glibc-devel-32bit-2.26-13.48.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:117067	P	glibc-devel-32bit-2.26-13.48.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71493	P	glibc-2.26-13.48.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:70166	P	Security update for python (Important)	2020-12-02
oval:org.opensuse.security:def:18098	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:46243	P	Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:18285	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:46109	P	Security update for spice (Moderate)	2020-12-01
oval:org.opensuse.security:def:70061	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46025	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:45901	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:18681	P	Security update for php5 (Important)	2020-12-01
oval:org.opensuse.security:def:19178	P	Security update for fontforge (Moderate)	2020-12-01
oval:org.opensuse.security:def:45717	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:18648	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24593	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:66399	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:45998	P	Security update for ucode-intel (Important)	2020-12-01
oval:org.opensuse.security:def:18536	P	Security update for libevent (Moderate)	2020-12-01
oval:org.opensuse.security:def:24555	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:19439	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:45985	P	Security update for sudo (Important)	2020-12-01
oval:org.opensuse.security:def:18498	P	Security update for zziplib (Moderate)	2020-12-01
oval:org.opensuse.security:def:24543	P	Security update for python-xdg (Moderate)	2020-12-01
oval:org.opensuse.security:def:18277	P	Security update for libxslt (Moderate)	2020-12-01
oval:org.opensuse.security:def:18464	P	Security update for sssd (Moderate)	2020-12-01
oval:org.opensuse.security:def:18406	P	Security update for ncurses (Moderate)	2020-12-01
oval:org.opensuse.security:def:63988	P	Security update for LibreOffice (Moderate)	2020-12-01
oval:org.opensuse.security:def:18320	P	Security update for libvorbis (Moderate)	2020-12-01
oval:org.opensuse.security:def:63883	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:63843	P	Security update for LibVNCServer (Critical)	2020-12-01
oval:org.opensuse.security:def:73090	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:45984	P	Security update for binutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:63745	P	Security update for libsolv, libzypp, zypper (Moderate)	2020-12-01
oval:org.opensuse.security:def:46310	P	Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:24464	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:19413	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:46118	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:24415	P	Security update for hostinfo, supportutils (Important)	2020-12-01
oval:org.opensuse.security:def:25057	P	Security update for bluez (Moderate)	2020-12-01
oval:org.opensuse.security:def:24272	P	Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:25013	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25263	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:24202	P	Security update for spice (Moderate)	2020-12-01
oval:org.opensuse.security:def:24999	P	Security update for squid (Moderate)	2020-12-01
oval:org.opensuse.security:def:63938	P	Security update for Mesa (Moderate)	2020-12-01
oval:org.opensuse.security:def:24153	P	Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:24080	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:72972	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:18540	P	Security update for cups (Moderate)	2020-12-01
oval:org.opensuse.security:def:49104	P	glibc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24300	P	Security update for mutt (Important)	2020-12-01
oval:org.opensuse.security:def:18518	P	Security update for libvpx (Moderate)	2020-12-01
oval:org.opensuse.security:def:73501	P	glibc-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18506	P	Security update for slf4j (Important)	2020-12-01
oval:org.opensuse.security:def:49780	P	cups-ddk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24912	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:25231	P	Security update for gcc9 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24859	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:64023	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:24709	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:25730	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:18064	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:24626	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:24290	P	Security update for libgcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:24570	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:24489	P	Security update for bzip2 (Important)	2020-12-01
oval:org.opensuse.security:def:18449	P	Security update for mysql-connector-java (Moderate)	2020-12-01
oval:org.opensuse.security:def:73383	P	gcab on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24363	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:18417	P	Security update for freerdp (Important)	2020-12-01
oval:org.opensuse.security:def:18775	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:49834	P	glibc-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:45604	P	Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP3) (Important)	2020-12-01
oval:org.opensuse.security:def:18307	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:18751	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:19204	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:18271	P	Security update for firebird (Moderate)	2020-12-01
oval:org.opensuse.security:def:18739	P	Security update for libapr1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:66307	P	Security update for openconnect (Moderate)	2020-12-01
oval:org.opensuse.security:def:18056	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:18240	P	Security update for rrdtool (Low)	2020-12-01
oval:org.opensuse.security:def:25695	P	Security update for gcc9 (Moderate)	2020-12-01
oval:org.opensuse.security:def:18183	P	Security update for gimp (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20204444	P	RHSA-2020:4444: glibc security, bug fix, and enhancement update (Moderate)	2020-11-04
oval:org.opensuse.security:def:126161	P	Security update for glibc (Important)	2020-03-31
oval:org.opensuse.security:def:126577	P	Security update for glibc (Important)	2020-03-31
oval:org.opensuse.security:def:89001	P	Security update for glibc (Important)	2020-03-31
oval:com.ubuntu.bionic:def:202017510000000	V	CVE-2020-1751 on Ubuntu 18.04 LTS (bionic) - medium.	2020-03-10
oval:com.ubuntu.xenial:def:202017510000000	V	CVE-2020-1751 on Ubuntu 16.04 LTS (xenial) - medium.	2020-03-10

BACK