CVE-2020-14155

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://seclists.org/fulldisclosure/2020/Dec/32	Mailing List Third Party Advisory
http://seclists.org/fulldisclosure/2021/Feb/14	Mailing List Third Party Advisory
https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/	Third Party Advisory
https://bugs.gentoo.org/717920	Issue Tracking Patch Third Party Advisory
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20221028-0010/	Third Party Advisory
https://support.apple.com/kb/HT211931	Third Party Advisory
https://support.apple.com/kb/HT212147	Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.pcre.org/original/changelog.txt	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*
	cpe:2.3:a:gitlab:gitlab:::::community:::*
	cpe:2.3:a:gitlab:gitlab:::::enterprise:::*

Configuration 4 (hide)

cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
	cpe:2.3:a:netapp:cloud_backup:-:::::::*
	cpe:2.3:a:netapp:clustered_data_ontap:-:::::::*
	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
	cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::*

Configuration 6 (hide)

AND

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Configuration 11 (hide)

OR	cpe:2.3:a:splunk:universal_forwarder::::::::
	cpe:2.3:a:splunk:universal_forwarder::::::::
	cpe:2.3:a:splunk:universal_forwarder:9.1.0:::::::*

History

27 Mar 2024, 16:04

Type	Values Removed	Values Added
CPE		cpe:2.3:a:splunk:universal_forwarder:::::::: cpe:2.3:a:splunk:universal_forwarder:9.1.0:::::::*
First Time		Splunk Splunk universal Forwarder
References	~~() https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E -~~	() https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E - Mailing List, Third Party Advisory

07 Nov 2023, 03:17

Type	Values Removed	Values Added
References	{'url': 'https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E', 'name': '[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}	() https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E -

03 Dec 2022, 03:00

Type	Values Removed	Values Added
CPE		cpe:2.3:o:netapp:h410c_firmware:-:::::::* cpe:2.3:h:netapp:h300s:-:::::::* cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere:: cpe:2.3:h:netapp:h410s:-:::::::* cpe:2.3:o:netapp:h410s_firmware:-:::::::* cpe:2.3:h:netapp:h410c:-:::::::* cpe:2.3:o:netapp:h300s_firmware:-:::::::* cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:::::::* cpe:2.3:a:netapp:clustered_data_ontap:-:::::::* cpe:2.3:h:netapp:h700s:-:::::::* cpe:2.3:h:netapp:h500s:-:::::::* cpe:2.3:o:netapp:h700s_firmware:-:::::::* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::* cpe:2.3:o:netapp:h500s_firmware:-:::::::* cpe:2.3:a:netapp:cloud_backup:-:::::::*
First Time		Netapp active Iq Unified Manager Netapp h700s Netapp h500s Netapp h700s Firmware Netapp h410c Firmware Netapp Netapp cloud Backup Netapp h410s Netapp ontap Select Deploy Administration Utility Netapp h300s Firmware Netapp clustered Data Ontap Netapp h500s Firmware Netapp h300s Netapp h410c Netapp steelstore Cloud Integrated Storage Netapp h410s Firmware
References	~~(CONFIRM) https://security.netapp.com/advisory/ntap-20221028-0010/ -~~	(CONFIRM) https://security.netapp.com/advisory/ntap-20221028-0010/ - Third Party Advisory

28 Oct 2022, 17:15

Type	Values Removed	Values Added
References		(CONFIRM) https://security.netapp.com/advisory/ntap-20221028-0010/ -

28 Apr 2022, 15:06

Type	Values Removed	Values Added
First Time		Oracle Oracle communications Cloud Native Core Policy
CPE		cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:::::::*
References	~~(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -~~	(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory

20 Apr 2022, 00:15

Type	Values Removed	Values Added
References		(MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

22 Sep 2021, 14:22

Type	Values Removed	Values Added
CPE	cpe:2.3:o:apple:mac_os::::::::	cpe:2.3:o:apple:macos::::::::

04 Mar 2021, 21:43

Type	Values Removed	Values Added
References	~~(MLIST) https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E -~~	(MLIST) https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E - Mailing List, Third Party Advisory

25 Feb 2021, 17:15

Type	Values Removed	Values Added
References		(MLIST) https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E -

10 Feb 2021, 16:40

Type	Values Removed	Values Added
CPE		cpe:2.3:o:apple:mac_os:::::::: cpe:2.3:a:gitlab:gitlab:::::enterprise:::* cpe:2.3:a:gitlab:gitlab:::::community:::*
References	~~(FULLDISC) http://seclists.org/fulldisclosure/2020/Dec/32 -~~	(FULLDISC) http://seclists.org/fulldisclosure/2020/Dec/32 - Mailing List, Third Party Advisory
References	~~(MISC) https://bugs.gentoo.org/717920 - Third Party Advisory~~	(MISC) https://bugs.gentoo.org/717920 - Issue Tracking, Patch, Third Party Advisory
References	~~(CONFIRM) https://support.apple.com/kb/HT212147 -~~	(CONFIRM) https://support.apple.com/kb/HT212147 - Third Party Advisory
References	~~(FULLDISC) http://seclists.org/fulldisclosure/2021/Feb/14 -~~	(FULLDISC) http://seclists.org/fulldisclosure/2021/Feb/14 - Mailing List, Third Party Advisory
References	~~(CONFIRM) https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/ -~~	(CONFIRM) https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/ - Third Party Advisory
References	~~(CONFIRM) https://support.apple.com/kb/HT211931 -~~	(CONFIRM) https://support.apple.com/kb/HT211931 - Third Party Advisory

02 Feb 2021, 11:15

Type	Values Removed	Values Added
References		(FULLDISC) http://seclists.org/fulldisclosure/2021/Feb/14 -

01 Feb 2021, 21:15

Type	Values Removed	Values Added
References		(CONFIRM) https://support.apple.com/kb/HT212147 -

Information

Published : 2020-06-15 17:15

Updated : 2024-03-27 16:04

NVD link : CVE-2020-14155

Mitre link : CVE-2020-14155

CVE.ORG link : CVE-2020-14155

JSON object : View

Products Affected

netapp

h700s_firmware
active_iq_unified_manager
clustered_data_ontap
h700s
h300s_firmware
cloud_backup
steelstore_cloud_integrated_storage
h300s
ontap_select_deploy_administration_utility
h410c_firmware
h410c
h500s
h410s
h410s_firmware
h500s_firmware

pcre

pcre

splunk

universal_forwarder

oracle

communications_cloud_native_core_policy

gitlab

gitlab

apple

macos

CWE

CWE-190

Integer Overflow or Wraparound

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-14155

5.3^/10

5.0^/10

Attach tags to `CVE-2020-14155`