Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for glibc by Red Hat

    CVE-2020-1751 (GCVE-0-2020-1751)

    Vulnerability from nvd – Published: 2020-04-17 18:32 – Updated: 2024-08-04 06:46
    VLAI
    Summary
    An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat glibc Affected: 2.31
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:46:30.859Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25423"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200430-0002/"
              },
              {
                "name": "GLSA-202006-04",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202006-04"
              },
              {
                "name": "USN-4416-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4416-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "glibc",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.31"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-09T19:06:12.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25423"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200430-0002/"
            },
            {
              "name": "GLSA-202006-04",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202006-04"
            },
            {
              "name": "USN-4416-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4416-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2020-1751",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "glibc",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.31"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "5.1/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751"
                },
                {
                  "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=25423",
                  "refsource": "MISC",
                  "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25423"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200430-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200430-0002/"
                },
                {
                  "name": "GLSA-202006-04",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202006-04"
                },
                {
                  "name": "USN-4416-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4416-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-1751",
        "datePublished": "2020-04-17T18:32:44.000Z",
        "dateReserved": "2019-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:46:30.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-1751 (GCVE-0-2020-1751)

    Vulnerability from cvelistv5 – Published: 2020-04-17 18:32 – Updated: 2024-08-04 06:46
    VLAI
    Summary
    An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat glibc Affected: 2.31
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T06:46:30.859Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25423"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20200430-0002/"
              },
              {
                "name": "GLSA-202006-04",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202006-04"
              },
              {
                "name": "USN-4416-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/4416-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "glibc",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.31"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "CWE-787",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-09T19:06:12.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25423"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20200430-0002/"
            },
            {
              "name": "GLSA-202006-04",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202006-04"
            },
            {
              "name": "USN-4416-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/4416-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2020-1751",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "glibc",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.31"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Red Hat"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability."
                }
              ]
            },
            "impact": {
              "cvss": [
                [
                  {
                    "vectorString": "5.1/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                    "version": "3.0"
                  }
                ]
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-787"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751"
                },
                {
                  "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=25423",
                  "refsource": "MISC",
                  "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25423"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20200430-0002/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20200430-0002/"
                },
                {
                  "name": "GLSA-202006-04",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202006-04"
                },
                {
                  "name": "USN-4416-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/4416-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2020-1751",
        "datePublished": "2020-04-17T18:32:44.000Z",
        "dateReserved": "2019-11-27T00:00:00.000Z",
        "dateUpdated": "2024-08-04T06:46:30.859Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }