Lucene search

[email protected]CVE-2020-14155

HistoryJun 15, 2020 - 5:15 p.m.

CVE-2020-14155

2020-06-1517:15:00

CWE-190

[email protected]

web.nvd.nist.gov

213

cve

2020

14155

integer overflow

libpcre

pcre

nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

7.2 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

74.8%

JSON

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

CPENameOperatorVersion
pcre:pcrepcrelt8.44
apple:macosapple macoslt11.0.1
gitlab:gitlabgitlablt13.1.2
gitlab:gitlabgitlablt13.0.8
gitlab:gitlabgitlablt12.10.13
oracle:communications_cloud_native_core_policyoracle communications cloud native core policyeq1.15.0
netapp:cloud_backupnetapp cloud backupeq-
netapp:steelstore_cloud_integrated_storagenetapp steelstore cloud integrated storageeq-
netapp:ontap_select_deploy_administration_utilitynetapp ontap select deploy administration utilityeq-
netapp:clustered_data_ontapnetapp clustered data ontapeq-

CPE	Name	Operator	Version
pcre:pcre	pcre	lt	8.44
apple:macos	apple macos	lt	11.0.1
gitlab:gitlab	gitlab	lt	13.1.2
gitlab:gitlab	gitlab	lt	13.0.8
gitlab:gitlab	gitlab	lt	12.10.13
oracle:communications_cloud_native_core_policy	oracle communications cloud native core policy	eq	1.15.0
netapp:cloud_backup	netapp cloud backup	eq	-
netapp:steelstore_cloud_integrated_storage	netapp steelstore cloud integrated storage	eq	-
netapp:ontap_select_deploy_administration_utility	netapp ontap select deploy administration utility	eq	-
netapp:clustered_data_ontap	netapp clustered data ontap	eq	-