CVE-2020-14155
pcre: Integer overflow when parsing callout numeric arguments
Severity Score
5.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
libpcre en PCRE versiones anteriores a 8.44, permite un desbordamiento de enteros por medio de un número grande después de una subcadena (?C
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Issues addressed include buffer over-read, heap overflow, integer overflow, and null pointer vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-06-15 CVE Reserved
- 2020-06-15 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2020/Dec/32 | Mailing List |
|
| http://seclists.org/fulldisclosure/2021/Feb/14 | Mailing List |
|
| https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release | Third Party Advisory | |
| https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E | Mailing List | |
| https://security.netapp.com/advisory/ntap-20221028-0010 | Third Party Advisory |
|
| https://support.apple.com/kb/HT211931 | Third Party Advisory |
|
| https://support.apple.com/kb/HT212147 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.gentoo.org/717920 | 2024-03-27 | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | 2024-03-27 |
| URL | Date | SRC |
|---|---|---|
| https://www.pcre.org/original/changelog.txt | 2024-03-27 | |
| https://access.redhat.com/security/cve/CVE-2020-14155 | 2021-11-10 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1848436 | 2021-11-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | H410c Firmware Search vendor "Netapp" for product "H410c Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410c Search vendor "Netapp" for product "H410c" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H300s Firmware Search vendor "Netapp" for product "H300s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H300s Search vendor "Netapp" for product "H300s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H500s Firmware Search vendor "Netapp" for product "H500s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H500s Search vendor "Netapp" for product "H500s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H700s Firmware Search vendor "Netapp" for product "H700s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H700s Search vendor "Netapp" for product "H700s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H410s Firmware Search vendor "Netapp" for product "H410s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410s Search vendor "Netapp" for product "H410s" | - | - |
Safe
|
| Pcre Search vendor "Pcre" | Pcre Search vendor "Pcre" for product "Pcre" | < 8.44 Search vendor "Pcre" for product "Pcre" and version " < 8.44" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | < 11.0.1 Search vendor "Apple" for product "Macos" and version " < 11.0.1" | - |
Affected
| ||||||
| Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | < 12.10.13 Search vendor "Gitlab" for product "Gitlab" and version " < 12.10.13" | community |
Affected
| ||||||
| Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | < 12.10.13 Search vendor "Gitlab" for product "Gitlab" and version " < 12.10.13" | enterprise |
Affected
| ||||||
| Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | >= 13.0.0 < 13.0.8 Search vendor "Gitlab" for product "Gitlab" and version " >= 13.0.0 < 13.0.8" | community |
Affected
| ||||||
| Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | >= 13.0.0 < 13.0.8 Search vendor "Gitlab" for product "Gitlab" and version " >= 13.0.0 < 13.0.8" | enterprise |
Affected
| ||||||
| Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | >= 13.1.0 < 13.1.2 Search vendor "Gitlab" for product "Gitlab" and version " >= 13.1.0 < 13.1.2" | community |
Affected
| ||||||
| Gitlab Search vendor "Gitlab" | Gitlab Search vendor "Gitlab" for product "Gitlab" | >= 13.1.0 < 13.1.2 Search vendor "Gitlab" for product "Gitlab" and version " >= 13.1.0 < 13.1.2" | enterprise |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Policy Search vendor "Oracle" for product "Communications Cloud Native Core Policy" | 1.15.0 Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "1.15.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager" | - | vmware_vsphere |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Cloud Backup Search vendor "Netapp" for product "Cloud Backup" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage" | - | - |
Affected
| ||||||
| Splunk Search vendor "Splunk" | Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder" | >= 8.2.0 < 8.2.12 Search vendor "Splunk" for product "Universal Forwarder" and version " >= 8.2.0 < 8.2.12" | - |
Affected
| ||||||
| Splunk Search vendor "Splunk" | Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder" | >= 9.0.0 < 9.0.6 Search vendor "Splunk" for product "Universal Forwarder" and version " >= 9.0.0 < 9.0.6" | - |
Affected
| ||||||
| Splunk Search vendor "Splunk" | Universal Forwarder Search vendor "Splunk" for product "Universal Forwarder" | 9.1.0 Search vendor "Splunk" for product "Universal Forwarder" and version "9.1.0" | - |
Affected
| ||||||