CVE-2020-14155: Integer Overflow
First published: Mon Jun 15 2020(Updated: )
PCRE. Multiple issues were addressed by updating to version 8.44.
Credit: cve@mitre.org CVE-2019-20838 CVE-2020-14155 CVE-2019-20838 CVE-2020-14155 cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM QRadar SIEM | <=7.5.0 GA | |
| IBM QRadar SIEM | <=7.4.3 GA - 7.4.3 FP4 | |
| IBM QRadar SIEM | <=7.3.3 GA - 7.3.3 FP10 | |
| Apple macOS Big Sur | <11.2 | 11.2 |
| Apple Catalina | ||
| Apple Mojave | ||
| Apple macOS Big Sur | <11.0.1 | 11.0.1 |
| redhat/pcre | <8.44 | 8.44 |
| Pcre Pcre | <8.44 | |
| Apple macOS | <11.0.1 | |
| GitLab GitLab | <12.10.13 | |
| GitLab GitLab | <12.10.13 | |
| GitLab GitLab | >=13.0.0<13.0.8 | |
| GitLab GitLab | >=13.0.0<13.0.8 | |
| GitLab GitLab | >=13.1.0<13.1.2 | |
| GitLab GitLab | >=13.1.0<13.1.2 | |
| Oracle Communications Cloud Native Core Policy | =1.15.0 | |
| Netapp Active Iq Unified Manager Vmware Vsphere | ||
| Netapp Cloud Backup | ||
| NetApp Clustered Data ONTAP | ||
| NetApp ONTAP Select Deploy administration utility | ||
| Netapp Steelstore Cloud Integrated Storage | ||
| All of | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| All of | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| All of | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| All of | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| All of | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| Splunk Universal Forwarder | >=8.2.0<8.2.12 | |
| Splunk Universal Forwarder | >=9.0.0<9.0.6 | |
| Splunk Universal Forwarder | =9.1.0 | |
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Netapp H410s Firmware | ||
| Netapp H410s |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/fulldisclosure/2020/Dec/32
- http://seclists.org/fulldisclosure/2021/Feb/14
- https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/
- https://bugs.gentoo.org/717920
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- https://security.netapp.com/advisory/ntap-20221028-0010/
- https://support.apple.com/kb/HT211931
- https://support.apple.com/kb/HT212147
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.pcre.org/original/changelog.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/183499
- https://www.ibm.com/support/pages/node/6574787 (Advisory)
- https://support.apple.com/en-us/HT212147 (Advisory)
- https://support.apple.com/en-us/HT211931 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1848442
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1848441
- https://bugs.exim.org/show_bug.cgi?id=2463
- https://vcs.pcre.org/pcre?view=revision&revision=1761
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1848436#c7
- https://access.redhat.com/errata/RHSA-2021:4373
- https://access.redhat.com/errata/RHSA-2021:4613
- https://access.redhat.com/errata/RHSA-2021:4614
- https://bugzilla.redhat.com/show_bug.cgi?id=1848436
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-1761
- CVE-2021-1797
- CVE-2020-27945
- CVE-2021-1760
- CVE-2021-1747
- CVE-2021-1776
- CVE-2021-1759
- CVE-2021-1772
- CVE-2021-1792
- CVE-2021-1787
- CVE-2021-1786
- CVE-2020-27937
- CVE-2021-1802
- CVE-2021-1791
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29608
- CVE-2021-1758
- CVE-2021-1783
- CVE-2021-1741
- CVE-2021-1743
- CVE-2021-1773
- CVE-2021-1778
- CVE-2021-1736
- CVE-2021-1785
- CVE-2021-1766
- CVE-2021-1818
- CVE-2021-1742
- CVE-2021-1746
- CVE-2021-1754
- CVE-2021-1774
- CVE-2021-1777
- CVE-2021-1793
- CVE-2021-1737
- CVE-2021-1738
- CVE-2021-1744
- CVE-2021-1779
- CVE-2021-1757
- CVE-2020-27904
- CVE-2021-1764
- CVE-2021-1782
- CVE-2021-1750
- CVE-2020-29633
- CVE-2021-1781
- CVE-2021-1771
- CVE-2021-1762
- CVE-2020-29614
- CVE-2021-1763
- CVE-2021-1767
- CVE-2021-1745
- CVE-2021-1753
- CVE-2021-1768
- CVE-2021-1751
- CVE-2020-25709
- CVE-2020-27938
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-15358
- CVE-2021-1769
- CVE-2021-1788
- CVE-2021-1765
- CVE-2021-1801
- CVE-2021-1789
- CVE-2021-1871
- CVE-2021-1870
- CVE-2021-1799
- CVE-2021-30869
- CVE-2020-27914
- CVE-2020-27915
- CVE-2020-27903
- CVE-2020-27910
- CVE-2020-27916
- CVE-2020-9943
- CVE-2020-9944
- CVE-2020-27906
- CVE-2020-27908
- CVE-2020-27909
- CVE-2020-9960
- CVE-2020-10017
- CVE-2020-9949
- CVE-2020-9897
- CVE-2020-9883
- CVE-2020-10003
- CVE-2020-27922
- CVE-2020-9999
- CVE-2020-9965
- CVE-2020-9966
- CVE-2020-27894
- CVE-2020-36615
- CVE-2020-29629
- CVE-2020-27942
- CVE-2020-9962
- CVE-2020-27952
- CVE-2020-9956
- CVE-2020-27931
- CVE-2020-27930
- CVE-2020-27927
- CVE-2020-29639
- CVE-2020-10002
- CVE-2020-9978
- CVE-2020-9955
- CVE-2020-27924
- CVE-2020-27912
- CVE-2020-27923
- CVE-2020-9876
- CVE-2020-10015
- CVE-2020-27897
- CVE-2020-27907
- CVE-2020-27919
- CVE-2020-9967
- CVE-2020-9975
- CVE-2020-27921
- CVE-2019-14899
- CVE-2020-27950
- CVE-2020-9974
- CVE-2020-10016
- CVE-2020-27932
- CVE-2020-27917
- CVE-2020-27920
- CVE-2020-27911
- CVE-2020-9971
- CVE-2020-10014
- CVE-2020-10010
- CVE-2020-9941
- CVE-2020-9988
- CVE-2020-9989
- CVE-2020-10011
- CVE-2020-13524
- CVE-2020-10004
- CVE-2020-9996
- CVE-2020-27901
- CVE-2020-27900
- CVE-2020-10007
- CVE-2020-27896
- CVE-2020-9963
- CVE-2020-10012
- CVE-2020-10663
- CVE-2020-9945
- CVE-2020-9977
- CVE-2020-9942
- CVE-2020-9987
- CVE-2021-1803
- CVE-2020-9969
- CVE-2020-27893
- CVE-2021-1755
- CVE-2020-10005
- CVE-2020-9991
- CVE-2020-9849
- CVE-2020-13631
- CVE-2020-13434
- CVE-2020-13435
- CVE-2020-13630
- CVE-2020-27899
- CVE-2020-10009
- CVE-2020-10008
- CVE-2020-27918
- CVE-2020-9947
- CVE-2020-9950
- CVE-2020-27898
- CVE-2020-27935
- CVE-2020-10006
Frequently Asked Questions
What is CVE-2020-14155?
CVE-2020-14155 is a vulnerability in PCRE that could allow a remote attacker to execute arbitrary code on the system.
What is the severity of CVE-2020-14155?
The severity of CVE-2020-14155 is high, with a severity value of 7.3.
Which software versions are affected by CVE-2020-14155?
macOS Big Sur versions up to 11.2, Apple Catalina, Apple Mojave, PCRE versions up to 8.44, IBM QRadar SIEM versions 7.5.0 GA, 7.4.3 GA - 7.4.3 FP4, and 7.3.3 GA - 7.3.3 FP10 are affected by CVE-2020-14155.
How can I fix CVE-2020-14155?
To fix CVE-2020-14155, update your software to the recommended versions: macOS Big Sur 11.0.1 or later, PCRE 8.45 or later, and IBM QRadar SIEM 7.5.0 GA or later.
Where can I find more information about CVE-2020-14155?
You can find more information about CVE-2020-14155 in the references provided: Apple support page, Gentoo bug tracker, and the PCRE changelog.
- collector/ibm-support
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/apple-support
- alias/CVE-2020-14155
- agent/software-canonical-lookup-request
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- agent/event
- agent/references
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- collector/nvd-api
- source/NVD
- vendor/ibm
- canonical/ibm qradar siem
- version/ibm qradar siem/7.5.0 ga
- version/ibm qradar siem/7.4.3 ga - 7.4.3 fp4
- version/ibm qradar siem/7.3.3 ga - 7.3.3 fp10
- vendor/apple
- canonical/apple macos big sur
- canonical/apple catalina
- canonical/apple mojave
- package-manager/redhat
- vendor/pcre
- canonical/pcre pcre
- canonical/apple macos
- vendor/gitlab
- canonical/gitlab gitlab
- version/gitlab gitlab/13.0.0
- version/gitlab gitlab/13.1.0
- vendor/oracle
- canonical/oracle communications cloud native core policy
- version/oracle communications cloud native core policy/1.15.0
- vendor/netapp
- canonical/netapp active iq unified manager vmware vsphere
- canonical/netapp cloud backup
- canonical/netapp clustered data ontap
- canonical/netapp ontap select deploy administration utility
- canonical/netapp steelstore cloud integrated storage
- canonical/netapp h410c firmware
- canonical/netapp h410c
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h410s firmware
- canonical/netapp h410s
- vendor/splunk
- canonical/splunk universal forwarder
- version/splunk universal forwarder/8.2.0
- version/splunk universal forwarder/9.0.0
- version/splunk universal forwarder/9.1.0