CVE-2020-14155 — MEDIUM (5.3)

Q: What is CVE-2020-14155?

CVE-2020-14155 is a vulnerability with a CVSS score of 5.3 (MEDIUM). libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

Q: How severe is CVE-2020-14155?

CVE-2020-14155 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-14155?

Check the references section above for vendor advisories and patch information. Affected products include: Pcre Pcre, Apple Macos, Gitlab Gitlab, Oracle Communications Cloud Native Core Policy, Netapp Active Iq Unified Manager.

Vulnerability Description

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Pcre	Pcre	< 8.44
Apple	Macos	< 11.0.1
Gitlab	Gitlab	< 12.10.13
Oracle	Communications Cloud Native Core Policy	1.15.0
Netapp	Active Iq Unified Manager	-
Netapp	Cloud Backup	-
Netapp	Clustered Data Ontap	-
Netapp	Ontap Select Deploy Administration Utility	-
Netapp	Steelstore Cloud Integrated Storage	-
Netapp	H410C Firmware	-
Netapp	H410C	-
Netapp	H300S Firmware	-
Netapp	H300S	-
Netapp	H500S Firmware	-
Netapp	H500S	-
Netapp	H700S Firmware	-
Netapp	H700S	-
Netapp	H410S Firmware	-
Netapp	H410S	-
Splunk	Universal Forwarder	>= 8.2.0, < 8.2.12

Related Weaknesses (CWE)

CWE-190

References

http://seclists.org/fulldisclosure/2020/Dec/32Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2021/Feb/14Mailing ListThird Party Advisory
https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/Third Party Advisory
https://bugs.gentoo.org/717920Issue TrackingPatchThird Party Advisory
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430Mailing ListThird Party Advisory
https://security.netapp.com/advisory/ntap-20221028-0010/Third Party Advisory
https://support.apple.com/kb/HT211931Third Party Advisory
https://support.apple.com/kb/HT212147Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
https://www.pcre.org/original/changelog.txtRelease NotesVendor Advisory
http://seclists.org/fulldisclosure/2020/Dec/32Mailing ListThird Party Advisory
http://seclists.org/fulldisclosure/2021/Feb/14Mailing ListThird Party Advisory
https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/Third Party Advisory
https://bugs.gentoo.org/717920Issue TrackingPatchThird Party Advisory
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430Mailing ListThird Party Advisory

FAQ

What is CVE-2020-14155?

CVE-2020-14155 is a vulnerability with a CVSS score of 5.3 (MEDIUM). libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

How severe is CVE-2020-14155?

CVE-2020-14155 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14155?

Check the references section above for vendor advisories and patch information. Affected products include: Pcre Pcre, Apple Macos, Gitlab Gitlab, Oracle Communications Cloud Native Core Policy, Netapp Active Iq Unified Manager.