Out-of-bounds Write

Affecting glibc package, versions <2.27-3ubuntu1.2


Overview

Affected versions of this package are vulnerable to Out-of-bounds Write. An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.

Remediation

Upgrade glibc to version or higher.

CVSS Score

7.0 (medium severity)
  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE: CVE-2020-1751
CWE: CWE-787
Snyk ID: SNYK-UBUNTU1804-GLIBC-571394
Disclosed: 17 Apr, 2020
Published: 07 Mar, 2020