Search for vulnerabilities
Vulnerability details: VCID-ff5y-xrap-aaah
Vulnerability ID VCID-ff5y-xrap-aaah
Aliases CVE-2020-14155
Summary libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
Status Published
Exploitability 0.5
Weighted Severity 7.1
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-190 Integer Overflow or Wraparound
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
rhas Low https://access.redhat.com/errata/RHSA-2021:4373
rhas Moderate https://access.redhat.com/errata/RHSA-2021:4613
rhas Moderate https://access.redhat.com/errata/RHSA-2021:4614
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14155.json
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00152 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00513 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00688 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00688 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00688 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00688 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00688 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00688 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00688 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00688 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00688 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00688 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00688 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00688 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00900 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00900 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
epss 0.00900 https://api.first.org/data/v1/epss?cve=CVE-2020-14155
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1848436
cvssv3.1 7.5 http://seclists.org/fulldisclosure/2020/Dec/32
generic_textual HIGH http://seclists.org/fulldisclosure/2020/Dec/32
cvssv3.1 6.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 3.7 https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
generic_textual LOW https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2020-14155
cvssv3 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-14155
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-14155
cvssv3.1 7.5 https://support.apple.com/kb/HT211931
generic_textual HIGH https://support.apple.com/kb/HT211931
cvssv3.1 5.3 https://www.oracle.com/security-alerts/cpuapr2022.html
generic_textual MODERATE https://www.oracle.com/security-alerts/cpuapr2022.html
Reference id Reference type URL
https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14155.json
https://api.first.org/data/v1/epss?cve=CVE-2020-14155
https://bugs.gentoo.org/717920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155
http://seclists.org/fulldisclosure/2020/Dec/32
http://seclists.org/fulldisclosure/2021/Feb/14
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
https://security.netapp.com/advisory/ntap-20221028-0010/
https://support.apple.com/kb/HT211931
https://support.apple.com/kb/HT212147
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.pcre.org/original/changelog.txt
1848436 https://bugzilla.redhat.com/show_bug.cgi?id=1848436
963086 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963086
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pcre:pcre:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*
cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
CVE-2020-14155 https://nvd.nist.gov/vuln/detail/CVE-2020-14155
RHSA-2021:4373 https://access.redhat.com/errata/RHSA-2021:4373
RHSA-2021:4613 https://access.redhat.com/errata/RHSA-2021:4613
RHSA-2021:4614 https://access.redhat.com/errata/RHSA-2021:4614
USN-5425-1 https://usn.ubuntu.com/5425-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14155.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://seclists.org/fulldisclosure/2020/Dec/32
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14155
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14155
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2020-14155
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://support.apple.com/kb/HT211931
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://www.oracle.com/security-alerts/cpuapr2022.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.32604
EPSS Score 0.00152
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.