CVE-2020-14155

Name: CVE-2020-14155
Creator: NVD / NIST
Published: 2020-06-15T17:15:10.777+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 5.3/10EPSS 4.18%

Last modified Jun 17, 2026

CVE-2020-14155 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.. EPSS estimates a 4.18% chance of exploitation in the next 30 days.

Description

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

Metrics

CVSS 3.1

5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Probability

4.18%

89.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-190

Affected Software

Vendor	Product	Versions
Pcre	Pcre	< 8.44
Apple	Macos	< 11.0.1
Gitlab	Gitlab	< 12.10.13
Gitlab	Gitlab	>= 13.0.0, < 13.0.8
Gitlab	Gitlab	>= 13.1.0, < 13.1.2
Oracle	Communications Cloud Native Core Policy	1.15.0
Netapp	Active Iq Unified Manager	All versions
Netapp	Cloud Backup	All versions
Netapp	Clustered Data Ontap	All versions
Netapp	Ontap Select Deploy Administration Utility	All versions
Netapp	Steelstore Cloud Integrated Storage	All versions
Netapp	H410c Firmware	All versions
Netapp	H300s Firmware	All versions
Netapp	H500s Firmware	All versions
Netapp	H700s Firmware	All versions
Netapp	H410s Firmware	All versions
Splunk	Universal Forwarder	>= 8.2.0, < 8.2.12
Splunk	Universal Forwarder	>= 9.0.0, < 9.0.6
Splunk	Universal Forwarder	9.1.0

References

http://seclists.org/fulldisclosure/2020/Dec/32Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2021/Feb/14Mailing List, Third Party Advisory
https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/Third Party Advisory
https://bugs.gentoo.org/717920Issue Tracking, Patch, Third Party Advisory
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3EMailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20221028-0010/Third Party Advisory
https://support.apple.com/kb/HT211931Third Party Advisory
https://support.apple.com/kb/HT212147Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
https://www.pcre.org/original/changelog.txtRelease Notes, Vendor Advisory
http://seclists.org/fulldisclosure/2020/Dec/32Mailing List, Third Party Advisory
http://seclists.org/fulldisclosure/2021/Feb/14Mailing List, Third Party Advisory
https://about.gitlab.com/releases/2020/07/01/security-release-13-1-2-release/Third Party Advisory
https://bugs.gentoo.org/717920Issue Tracking, Patch, Third Party Advisory
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3EMailing List, Third Party Advisory
https://security.netapp.com/advisory/ntap-20221028-0010/Third Party Advisory
https://support.apple.com/kb/HT211931Third Party Advisory
https://support.apple.com/kb/HT212147Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
https://www.pcre.org/original/changelog.txtRelease Notes, Vendor Advisory

Timeline

Published: Jun 15, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-14155?

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

How severe is CVE-2020-14155?

CVE-2020-14155 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 4.18% probability of exploitation in the next 30 days.

How do I fix CVE-2020-14155?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-14155?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST