CVE-2020-14155

MEDIUM EPSS 89.7%
Published Jun 15, 2020 6y ago · Modified Jun 17, 2026 2w ago
5.3 CVSS 3.1
Medium

Description

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

CVSS Details

Base Score: 5.3
Exploitability: 3.9
Impact: 1.4
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low

Threat Intelligence

EPSS Exploit Probability
89.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 27

Vendor | Product | Version | Range
pcre | pcre | * | <8.44
apple | macos | * | <11.0.1
gitlab | gitlab | * | <12.10.13
gitlab | gitlab | * | <12.10.13
gitlab | gitlab | * | ≥13.0.0 – <13.0.8
gitlab | gitlab | * | ≥13.0.0 – <13.0.8
gitlab | gitlab | * | ≥13.1.0 – <13.1.2
gitlab | gitlab | * | ≥13.1.0 – <13.1.2
oracle | communications_cloud_native_core_policy | 1.15.0 | any
netapp | active_iq_unified_manager | * | any
netapp | cloud_backup | * | any
netapp | clustered_data_ontap | * | any
netapp | ontap_select_deploy_administration_utility | * | any
netapp | steelstore_cloud_integrated_storage | * | any
netapp | h410c_firmware | * | any
netapp | h410c | * | any
netapp | h300s_firmware | * | any
netapp | h300s | * | any
netapp | h500s_firmware | * | any
netapp | h500s | * | any
netapp | h700s_firmware | * | any
netapp | h700s | * | any
netapp | h410s_firmware | * | any
netapp | h410s | * | any
splunk | universal_forwarder | * | ≥8.2.0 – <8.2.12
splunk | universal_forwarder | * | ≥9.0.0 – <9.0.6
splunk | universal_forwarder | 9.1.0 | any

References 10

  • seclists.org http://seclists.org/fulldisclosure/2020/Dec/32
    Mailing List, Third Party Advisory
  • seclists.org http://seclists.org/fulldisclosure/2021/Feb/14
    Mailing List, Third Party Advisory
  • about.gitlab.com https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/
    Third Party Advisory
  • bugs.gentoo.org https://bugs.gentoo.org/717920
    Issue Tracking, Patch, Third Party Advisory
  • lists.apache.org https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
    Mailing List, Third Party Advisory
  • security.netapp.com https://security.netapp.com/advisory/ntap-20221028-0010/
    Third Party Advisory
  • support.apple.com https://support.apple.com/kb/HT211931
    Third Party Advisory
  • support.apple.com https://support.apple.com/kb/HT212147
    Third Party Advisory
  • oracle.com https://www.oracle.com/security-alerts/cpuapr2022.html
    Patch, Third Party Advisory
  • pcre.org https://www.pcre.org/original/changelog.txt
    Release Notes, Vendor Advisory

Remediation

  • bugs.gentoo.org https://bugs.gentoo.org/717920
    Issue Tracking, Patch, Third Party Advisory
  • oracle.com https://www.oracle.com/security-alerts/cpuapr2022.html
    Patch, Third Party Advisory