Vulnerability Name: CVE-2020-14155 (CCN-183499)

Assigned: 2020-04-17
Published: 2020-04-17
Updated: 2022-12-03
Summary: libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.
CVSS v3 Severity: 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
5.3 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-190
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2020-14155

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: CCN
Type: PCRE Web site
PCRE - Perl Compatible Regular Expressions

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: Gentoo's Bugzilla – Bug 717920
Multiple vulnerabilities (CVE-2019-20838, CVE-2020-14155)

Source: cve@mitre.org
Type: Issue Tracking, Patch, Third Party Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
pcre-cve202014155-overflow(183499)

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: Apple security document HT211931
About the security content of macOS Big Sur 11.0.1

Source: CCN
Type: Apple security document HT212147
About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: IBM Security Bulletin 6250519 (Watson Machine Learning Community Edition)
WMLCE: libpcre in PCRE before 8.44 allows an integer overflow

Source: CCN
Type: IBM Security Bulletin 6395490 (Tivoli Network Manager IP Edition)
A security vulnerability has been identified in PCRE, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2020-14155)

Source: CCN
Type: IBM Security Bulletin 6395544 (Netezza SQL Extensions Toolkit)
Vulnerability in PCRE affects IBM Netezza SQL Extensions Toolkit

Source: CCN
Type: IBM Security Bulletin 6454431 (SQL Extensions Toolkit for NPS)
Vulnerability in PCRE affects IBM SQL Extensions Toolkit for NPS

Source: CCN
Type: IBM Security Bulletin 6541298 (Cloud Pak for Automation)
Multiple security vulnerabilities fixed in Cloud Pak for Automation components

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Source: CCN
Type: IBM Security Bulletin 6560126 (Sterling Connect:Direct for UNIX Certified Container)
IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93

Source: CCN
Type: IBM Security Bulletin 6574787 (QRadar SIEM)
IBM QRadar SIEM is vulnerable to using components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6856409 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - April 2022

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Release Notes, Vendor Advisory
cve@mitre.org

Vulnerable Configuration:

Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*
Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:pcre:pcre:8.43:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:tivoli_network_manager:3.9:*:ip:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_machine_learning:1.6.2:*:community:*:*:*:*:*
  • OR cpe:/a:ibm:watson_machine_learning:1.7.0:*:community:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4.3:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.6.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:7640 | P | libpcre1-32bit-8.45-150000.20.13.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:51980 | P | Security update for sudo (Important) | 2023-01-20
oval:org.opensuse.security:def:798 | P | Security update for colord (Moderate) | 2022-10-04
oval:org.opensuse.security:def:3699 | P | Security update for python3 (Important) | 2022-07-11
oval:org.opensuse.security:def:3513 | P | gstreamer-plugins-bad-1.8.3-17.2 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3054 | P | dosfstools-3.0.26-6.5 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:94625 | P | libblkid-devel-2.37.2-150400.6.26 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94684 | P | libpcre1-32bit-8.45-20.10.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:95421 | P | Security update for pidgin (Important) | 2022-05-17
oval:org.opensuse.security:def:35276 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:84690 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:31298 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:19617 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:59561 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:55266 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:87504 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:127189 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:33738 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:83352 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:4285 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:29443 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:57524 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:89474 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:85762 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:125100 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:31701 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:23700 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:59819 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:55968 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:88215 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:33996 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:83472 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:5149 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:30145 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:19518 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:58037 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:51688 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:86165 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:125625 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:32214 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:23992 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:60411 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:56088 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:88532 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:34588 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:84232 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:6306 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:30265 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:19568 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:58863 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:86678 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:126792 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:33040 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:82650 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:26162 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:61099 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:57121 | P | Security update for pcre (Moderate) | 2021-11-10
oval:org.opensuse.security:def:89216 | P | Security update for pcre (Moderate) | 2021-11-10
oval:com.redhat.rhsa:def:20214373 | P | RHSA-2021:4373: pcre security update (Low) | 2021-11-09
oval:org.opensuse.security:def:111121 | P | Security update for pcre (Moderate) | 2021-11-02
oval:org.opensuse.security:def:117518 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:67301 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:93982 | P | (Moderate) | 2021-10-27
oval:org.opensuse.security:def:42134 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:99155 | P | (Moderate) | 2021-10-27
oval:org.opensuse.security:def:6212 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:64602 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:93427 | P | (Moderate) | 2021-10-27
oval:org.opensuse.security:def:108800 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:100673 | P | (Moderate) | 2021-10-27
oval:org.opensuse.security:def:76369 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:94194 | P | (Moderate) | 2021-10-27
oval:org.opensuse.security:def:42232 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:99690 | P | (Moderate) | 2021-10-27
oval:org.opensuse.security:def:73724 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:64788 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:93583 | P | (Moderate) | 2021-10-27
oval:org.opensuse.security:def:101338 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:94405 | P | (Moderate) | 2021-10-27
oval:org.opensuse.security:def:93109 | P | (Moderate) | 2021-10-27
oval:org.opensuse.security:def:111765 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:100008 | P | (Moderate) | 2021-10-27
oval:org.opensuse.security:def:73910 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:66962 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:93768 | P | (Moderate) | 2021-10-27
oval:org.opensuse.security:def:102134 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:5873 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:93269 | P | (Moderate) | 2021-10-27
oval:org.opensuse.security:def:108004 | P | Security update for pcre (Moderate) | 2021-10-27
oval:org.opensuse.security:def:100344 | P | (Moderate) | 2021-10-27
oval:org.opensuse.security:def:76030 | P | Security update for pcre (Moderate) | 2021-10-27
    pcre pcre 8.43
    ibm tivoli network manager 3.9
    ibm qradar security information and event manager 7.3.3
    ibm watson machine learning 1.6.2
    ibm watson machine learning 1.7.0
    ibm cloud pak for automation 21.0.1
    ibm cloud pak for automation 21.0.2 -
    ibm qradar security information and event manager 7.4.3 -
    ibm cloud pak for security 1.7.2.0
    ibm qradar security information and event manager 7.5.0 -
    ibm cloud pak for security 1.10.0.0
    ibm cloud pak for security 1.10.6.0