{"api_version":"1","generated_at":"2026-04-23T00:39:25+00:00","cve":"CVE-2020-1751","urls":{"html":"https://cve.report/CVE-2020-1751","api":"https://cve.report/api/cve/CVE-2020-1751.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-1751","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-1751"},"summary":{"title":"CVE-2020-1751","description":"An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-04-17 19:15:00","updated_at":"2023-11-07 03:19:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751","refsource":"CONFIRM","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"1810719 – (CVE-2020-1751) CVE-2020-1751 glibc: array overflow in backtrace functions for powerpc","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20200430-0002/","name":"https://security.netapp.com/advisory/ntap-20200430-0002/","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"CVE-2020-1751 GNU C Library (glibc) Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=25423","name":"https://sourceware.org/bugzilla/show_bug.cgi?id=25423","refsource":"MISC","tags":["Issue Tracking","Third Party Advisory"],"title":"25423 – (CVE-2020-1751) Array overflow in backtrace on powerpc (CVE-2020-1751)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202006-04","name":"GLSA-202006-04","refsource":"GENTOO","tags":[],"title":"glibc: Multiple vulnerabilities (GLSA 202006-04) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://usn.ubuntu.com/4416-1/","name":"USN-4416-1","refsource":"UBUNTU","tags":[],"title":"USN-4416-1: GNU C Library vulnerabilities | Ubuntu security notices | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-1751","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-1751","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"1751","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"16.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"esm","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1751","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"18.04","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"lts","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1751","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"canonical","cpe5":"ubuntu_linux","cpe6":"19.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1751","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1751","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnu","cpe5":"glibc","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1751","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"1751","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-1751","qid":"377356","title":"Alibaba Cloud Linux Security Update for glibc (ALINUX3-SA-2022:0122)"},{"cve":"CVE-2020-1751","qid":"770068","title":"Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2021:0436)"},{"cve":"CVE-2020-1751","qid":"900018","title":"CBL-Mariner Linux Security Update for glibc 2.28"},{"cve":"CVE-2020-1751","qid":"903140","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (2552)"},{"cve":"CVE-2020-1751","qid":"905968","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (2552-1)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-1751","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Red Hat","product":{"product_data":[{"product_name":"glibc","version":{"version_data":[{"version_value":"2.31"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-787"}]}]},"references":{"reference_data":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1751","refsource":"CONFIRM"},{"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=25423","name":"https://sourceware.org/bugzilla/show_bug.cgi?id=25423","refsource":"MISC"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20200430-0002/","url":"https://security.netapp.com/advisory/ntap-20200430-0002/"},{"refsource":"GENTOO","name":"GLSA-202006-04","url":"https://security.gentoo.org/glsa/202006-04"},{"refsource":"UBUNTU","name":"USN-4416-1","url":"https://usn.ubuntu.com/4416-1/"}]},"description":{"description_data":[{"lang":"eng","value":"An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability."}]},"impact":{"cvss":[[{"vectorString":"5.1/CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"}]]}},"nvd":{"publishedDate":"2020-04-17 19:15:00","lastModifiedDate":"2023-11-07 03:19:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH"},"exploitabilityScore":1,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:M/Au:N/C:P/I:P/A:C","accessVector":"LOCAL","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"COMPLETE","baseScore":5.9},"severity":"MEDIUM","exploitabilityScore":3.4,"impactScore":8.5,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*","versionEndExcluding":"2.31","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"1751","Ordinal":"160989","Title":"CVE-2020-1751","CVE":"CVE-2020-1751","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"1751","Ordinal":"1","NoteData":"An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"1751","Ordinal":"2","NoteData":"2020-04-17","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"1751","Ordinal":"3","NoteData":"2020-07-09","Type":"Other","Title":"Modified"}]}}}