CVE-2020-14155

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions PCRE versions prior to 8.44

Description The issue is related to an integer overflow in the libpcre component of the PCRE library, which can be triggered by a large number after a (C substring. This can allow a remote attacker to cause a denial of service.

Recommendations For versions prior to 8.44, update to version 8.44 to resolve the issue. As a temporary workaround, consider restricting the use of large numbers after (C substrings in regular expressions until the update is applied.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALSA-2021:4373

ALT-PU-2020-1328

ALT-PU-2020-1703

BDU:2023-07621

BIT-GITLAB-2020-14155

CESA-2021_4373

CVE-2020-14155

OPENSUSE-SU-2021:1441-1

OPENSUSE-SU-2021:3529-1

OPENSUSE-SU-2021_1441-1

OPENSUSE-SU-2021_3529-1

RHSA-2021:4373

RHSA-2021:4614

RHSA-2021_4373

RLSA-2021:4373

SUSE-SU-2021:3529-1

SUSE-SU-2021:3652-1

USN-5425-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Gitlab

Linuxmint

Apple Macos

Pcre

Red Hat

Rocky Linux

Suse

Ubuntu

CVE-2020-14155

Weakness Enumeration

Related Identifiers

Affected Products

References · 65